Total
5244 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-0679 | 1 Themegrill | 1 Colormag | 2025-05-30 | 6.5 Medium |
| The ColorMag theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the plugin_action_callback() function in all versions up to, and including, 3.1.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to install and activate arbitrary plugins. | ||||
| CVE-2023-48324 | 1 Getawesomesupport | 1 Awesome Support | 2025-05-29 | 5.4 Medium |
| Missing Authorization vulnerability in Awesome Support Team Awesome Support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Awesome Support: from n/a through 6.1.4. | ||||
| CVE-2023-49757 | 1 Getawesomesupport | 1 Awesome Support | 2025-05-29 | 5.4 Medium |
| Missing Authorization vulnerability in Awesome Support Team Awesome Support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Awesome Support: from n/a through 6.1.10. | ||||
| CVE-2023-49857 | 2 Awesomesupport, Getawesomesupport | 2 Awesome Support Wordpress Helpdesk \& Support, Awesome Support | 2025-05-29 | 6.5 Medium |
| Missing Authorization vulnerability in Awesome Support Team Awesome Support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Awesome Support: from n/a through 6.1.7. | ||||
| CVE-2023-45760 | 1 Gvectors | 1 Wpdiscuz | 2025-05-29 | 4.3 Medium |
| Missing Authorization vulnerability in gVectors Team wpDiscuz allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects wpDiscuz: from n/a through 7.6.3. | ||||
| CVE-2024-32715 | 1 Olivethemes | 1 Olive One Click Demo Import | 2025-05-29 | 5.3 Medium |
| Missing Authorization vulnerability in Olive Themes Olive One Click Demo Import.This issue affects Olive One Click Demo Import: from n/a through 1.1.1. | ||||
| CVE-2023-46309 | 1 Gvectors | 1 Wpdiscuz | 2025-05-29 | 5.3 Medium |
| Missing Authorization vulnerability in gVectors Team wpDiscuz allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects wpDiscuz: from n/a through 7.6.10. | ||||
| CVE-2022-41238 | 1 Jenkins | 1 Dotci | 2025-05-29 | 9.8 Critical |
| A missing permission check in Jenkins DotCi Plugin 2.40.00 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository for attacker-specified commits. | ||||
| CVE-2024-32792 | 1 Incsub | 1 Hummingbird | 2025-05-29 | 4.3 Medium |
| Missing Authorization vulnerability in WPMU DEV Hummingbird.This issue affects Hummingbird: from n/a through 3.7.3. | ||||
| CVE-2024-8437 | 1 Plugingarden | 1 Wp Easy Gallery | 2025-05-29 | 4.3 Medium |
| The WP Easy Gallery – WordPress Gallery Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions hooked via AJAX like wpeg_settings and wpeg_add_gallery in all versions up to, and including, 4.8.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify galleries. | ||||
| CVE-2024-21630 | 1 Zulip | 1 Zulip Server | 2025-05-29 | 4.3 Medium |
| Zulip is an open-source team collaboration tool. A vulnerability in version 8.0 is similar to CVE-2023-32677, but applies to multi-use invitations, not single-use invitation links as in the prior CVE. Specifically, it applies when the installation has configured non-admins to be able to invite users and create multi-use invitations, and has also configured only admins to be able to invite users to streams. As in CVE-2023-32677, this does not let users invite new users to arbitrary streams, only to streams that the inviter can already see. Version 8.1 fixes this issue. As a workaround, administrators can limit sending of invitations down to users who also have the permission to add users to streams. | ||||
| CVE-2023-42706 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-05-29 | 5.5 Medium |
| In firewall service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed | ||||
| CVE-2023-42698 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-05-29 | 5.5 Medium |
| In omacp service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed | ||||
| CVE-2023-42685 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-05-29 | 7.8 High |
| In wifi service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed | ||||
| CVE-2023-42681 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-05-29 | 7.8 High |
| In ion service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed | ||||
| CVE-2023-1705 | 1 Forcepoint | 1 One Smartedge Agent | 2025-05-29 | 8.4 High |
| Missing Authorization vulnerability in Forcepoint F|One SmartEdge Agent on Windows (bgAutoinstaller service modules) allows Privilege Escalation, Functionality Bypass.This issue affects F|One SmartEdge Agent: before 1.7.0.230330-554. | ||||
| CVE-2023-42747 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-05-29 | 7.8 High |
| In camera service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed | ||||
| CVE-2023-42736 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-05-29 | 7.8 High |
| In telecom service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed | ||||
| CVE-2024-31099 | 1 Averta | 1 Shortcodes And Extra Features For Phlox Theme | 2025-05-29 | 6.4 Medium |
| Missing Authorization vulnerability in Averta Shortcodes and extra features for Phlox theme auxin-elements.This issue affects Shortcodes and extra features for Phlox theme: from n/a through 2.15.7. | ||||
| CVE-2024-37444 | 1 Wpmudev | 2 Defender, Defender Security | 2025-05-28 | 5.3 Medium |
| Missing Authorization vulnerability in WPMU DEV Defender Security allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Defender Security: from n/a through 4.7.1. | ||||