Total: 5245 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-30586 | 1 Nodejs | 1 Node.js | 2025-05-08 | 7.5 High |
A privilege escalation vulnerability exists in Node.js 20 that allowed loading arbitrary OpenSSL engines when the experimental permission model is enabled, which can bypass and/or disable the permission model. The attack complexity is high. However, the crypto.setEngine() API can be used to bypass the permission model when called with a compatible OpenSSL engine. The OpenSSL engine can, for example, disable the permission model in the host process by manipulating the process's stack memory to locate the permission model Permission::enabled_ in the host process's heap memory. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js. | ||||
CVE-2025-47485 | 1 Cozythemes | 1 Cozy Blocks | 2025-05-08 | 5.3 Medium |
Missing Authorization vulnerability in CozyThemes Cozy Blocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cozy Blocks: from n/a through 2.1.22. | ||||
CVE-2025-47486 | 1 Cyberchimps | 1 Gutenberg & Elementor Templates Importer For Responsive | 2025-05-08 | 5.3 Medium |
Missing Authorization vulnerability in CyberChimps Gutenberg & Elementor Templates Importer For Responsive allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Gutenberg & Elementor Templates Importer For Responsive: from n/a through 3.1.9. | ||||
CVE-2025-47528 | 1 Wordpress | 1 Wordpress | 2025-05-08 | 4.3 Medium |
Missing Authorization vulnerability in pewilliams Ovation Elements allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ovation Elements: from n/a through 1.1.2. | ||||
CVE-2025-47450 | | | 2025-05-08 | 5.3 Medium |
Missing Authorization vulnerability in Mitchell Bennis Simple File List allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Simple File List: from n/a through 6.1.13. | ||||
CVE-2025-47472 | | | 2025-05-08 | 5.4 Medium |
Missing Authorization vulnerability in codepeople Music Player for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Music Player for WooCommerce: from n/a through 1.5.1. | ||||
CVE-2025-47457 | 1 Wordpress | 1 Wordpress | 2025-05-08 | 5.3 Medium |
Missing Authorization vulnerability in dgamoni LocateAndFilter allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects LocateAndFilter: from n/a through 1.6.16. | ||||
CVE-2025-47467 | | | 2025-05-08 | 4.3 Medium |
Missing Authorization vulnerability in GS Plugins GS Testimonial Slider allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GS Testimonial Slider: from n/a through 3.3.0. | ||||
CVE-2025-47480 | | | 2025-05-08 | 5.4 Medium |
Missing Authorization vulnerability in Iqonic Design Graphina allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Graphina: from n/a through 3.0.4. | ||||
CVE-2025-47526 | | | 2025-05-08 | 5.4 Medium |
Missing Authorization vulnerability in GS Plugins GS Variation Swatches for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GS Variation Swatches for WooCommerce: from n/a through 3.0.4. | ||||
CVE-2025-47469 | 1 Wordpress | 1 Wordpress | 2025-05-08 | 5.4 Medium |
Missing Authorization vulnerability in slui Media Hygiene allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Media Hygiene: from n/a through 4.0.0. | ||||
CVE-2025-47465 | 1 Creativethemes | 1 Blocksy | 2025-05-08 | 4.9 Medium |
Missing Authorization vulnerability in CreativeThemes Blocksy allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Blocksy: from n/a through 2.0.97. | ||||
CVE-2025-47471 | 1 Envothemes | 1 Envo Extra | 2025-05-08 | 4.3 Medium |
Missing Authorization vulnerability in EnvoThemes Envo Extra allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Envo Extra: from n/a through 1.9.9. | ||||
CVE-2025-20164 | 1 Cisco | 1 Ios | 2025-05-08 | 8.3 High |
A vulnerability in the Cisco Industrial Ethernet Switch Device Manager (DM) of Cisco IOS Software could allow an authenticated, remote attacker to elevate privileges. This vulnerability is due to insufficient validation of authorizations for authenticated users. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to elevate privileges to privilege level 15. To exploit this vulnerability, the attacker must have valid credentials for a user account with privilege level 5 or higher. Read-only DM users are assigned privilege level 5. | ||||
CVE-2025-47591 | 1 Wordpress | 1 Wordpress | 2025-05-08 | 4.3 Medium |
Missing Authorization vulnerability in CreedAlly Bulk Featured Image allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Bulk Featured Image: from n/a through 1.2.1. | ||||
CVE-2025-47602 | | | 2025-05-08 | 5.4 Medium |
Missing Authorization vulnerability in ammarahmad786 Calculate Prices based on Distance For WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Calculate Prices based on Distance For WooCommerce: from n/a through 1.3.5. | ||||
CVE-2025-47692 | 1 Contentstudio | 1 Contentstudio | 2025-05-08 | 4.3 Medium |
Missing Authorization vulnerability in contentstudio ContentStudio allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ContentStudio: from n/a through 1.3.3. | ||||
CVE-2024-0907 | 1 Basixonline | 1 Nex-forms | 2025-05-07 | 5.3 Medium |
The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the restore_records() function in all versions up to, and including, 8.5.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to restore records. | ||||
CVE-2025-37087 | | | 2025-05-07 | 9.8 Critical |
A vulnerability in the cmdb service of the HPE Performance Cluster Manager (HPCM) could allow an attacker to gain access to an arbitrary file on the server host. | ||||
CVE-2022-41797 | 1 Lemon8 Project | 1 Lemon8 | 2025-05-07 | 6.5 Medium |
Improper authorization in handler for custom URL scheme vulnerability in Lemon8 App for Android versions prior to 3.3.5 and Lemon8 App for iOS versions prior to 3.3.5 allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App. As a result, the user may become a victim of a phishing attack. |