Total
5240 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2025-47709 | 1 Miniorange | 1 Miniorange 2fa | 2025-06-10 | 6.5 Medium |
Missing Authorization vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Forceful Browsing.This issue affects Enterprise MFA - TFA for Drupal: from 0.0.0 before 4.7.0, from 5.0.0 before 5.2.0. | ||||
CVE-2025-5732 | 1 Carmelogarcia | 1 Traffic Offense Reporting System | 2025-06-10 | 4.3 Medium |
A vulnerability, which was classified as problematic, was found in code-projects Traffic Offense Reporting System 1.0. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2023-2415 | 1 Vcita | 1 Online Booking \& Scheduling Calendar | 2025-06-10 | 5.4 Medium |
The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcita_logout_callback function in versions up to, and including, 4.2.10. This makes it possible for authenticated attackers with minimal permissions, such as a subscriber, to logout a vctia connected account which would cause a denial of service on the appointment scheduler. | ||||
CVE-2023-2299 | 1 Vcita | 1 Online Booking \& Scheduling Calendar | 2025-06-10 | 5.3 Medium |
The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized medication of data via the /wp-json/vcita-wordpress/v1/actions/auth REST-API endpoint in versions up to, and including, 4.2.10 due to a missing capability check on the processAction function. This makes it possible for unauthenticated attackers modify the plugin's settings. | ||||
CVE-2024-32948 | 1 Reputeinfosystems | 1 Armember | 2025-06-09 | 9.1 Critical |
Missing Authorization vulnerability in Repute Infosystems ARMember.This issue affects ARMember: from n/a through 4.0.28. | ||||
CVE-2024-32776 | 1 Apppresser | 1 Apppresser | 2025-06-09 | 6.5 Medium |
Missing Authorization vulnerability in AppPresser Team AppPresser.This issue affects AppPresser: from n/a through 4.3.0. | ||||
CVE-2024-34372 | 1 Addonmaster | 1 Post Grid Master | 2025-06-09 | 5.3 Medium |
Missing Authorization vulnerability in AddonMaster Post Grid Master.This issue affects Post Grid Master: from n/a through 3.4.7. | ||||
CVE-2023-48740 | 1 Easysocialfeed | 1 Easy Social Feed | 2025-06-09 | 4.3 Medium |
Missing Authorization vulnerability in Easy Social Feed Easy Social Feed allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Social Feed: from n/a through 6.5.1. | ||||
CVE-2023-47841 | 1 Analytify | 1 Analytify - Google Analytics Dashboard | 2025-06-09 | 4.3 Medium |
Missing Authorization vulnerability in Analytify Analytify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Analytify: from n/a through 5.1.1. | ||||
CVE-2023-47832 | 1 Searchiq | 1 Searchiq | 2025-06-09 | 5.3 Medium |
Missing Authorization vulnerability in searchiq SearchIQ allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SearchIQ: from n/a through 4.4. | ||||
CVE-2023-47770 | 1 Muffingroup | 1 Betheme | 2025-06-09 | 7.6 High |
Missing Authorization vulnerability in Muffin Group Betheme.This issue affects Betheme: from n/a through 27.1.1. | ||||
CVE-2023-41953 | 2 Profilepress, Properfraction | 2 Profilepress, Profilepress | 2025-06-09 | 5.3 Medium |
Missing Authorization vulnerability in ProfilePress Membership Team ProfilePress.This issue affects ProfilePress: from n/a through 4.13.1. | ||||
CVE-2023-50882 | 2 Profilepress, Properfraction | 2 Profilepress, Profilepress | 2025-06-09 | 5.3 Medium |
Missing Authorization vulnerability in ProfilePress Membership Team ProfilePress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ProfilePress: from n/a through 4.13.2. | ||||
CVE-2023-49835 | 1 Metaphorcreations | 1 Post Duplicator | 2025-06-09 | 4.3 Medium |
Missing Authorization vulnerability in Metaphor Creations Post Duplicator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Duplicator: from n/a through 2.31. | ||||
CVE-2023-48774 | 1 Northernbeacheswebsites | 1 Ideapush | 2025-06-09 | 5.4 Medium |
Missing Authorization vulnerability in Martin Gibson IdeaPush allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects IdeaPush: from n/a through n/a. | ||||
CVE-2025-30897 | 1 Analytify | 1 Analytify - Google Analytics Dashboard | 2025-06-09 | 4.3 Medium |
Missing Authorization vulnerability in Adnan Analytify allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Analytify: from n/a through 5.5.1. | ||||
CVE-2025-24736 | 1 Metaphorcreations | 1 Post Duplicator | 2025-06-09 | 4.3 Medium |
Missing Authorization vulnerability in Metaphor Creations Post Duplicator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Post Duplicator: from n/a through 2.35. | ||||
CVE-2025-5894 | 2025-06-09 | 8.8 High | ||
Smart Parking Management System from Honding Technology has a Missing Authorization vulnerability, allowing remote attackers with regular privileges to access a specific functionality to create administrator accounts, and subsequently log into the system using those accounts. | ||||
CVE-2025-45854 | 1 Jehc | 1 Jehc-bpm | 2025-06-09 | 10 Critical |
/server/executeExec of JEHC-BPM 2.0.1 allows attackers to execute arbitrary code via execParams. | ||||
CVE-2025-48998 | 1 Dataease | 1 Dataease | 2025-06-09 | 8.8 High |
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, a bypass of the patch for CVE-2025-27103 allows authenticated users to read and deserialize arbitrary files through the background JDBC connection. The vulnerability has been fixed in v2.10.10. No known workarounds are available. |