Total
5352 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-32231 | 2025-04-07 | 4.3 Medium | ||
| Missing Authorization vulnerability in Bookingor Bookingor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Bookingor: from n/a through 1.0.6. | ||||
| CVE-2025-31381 | 2025-04-07 | 6.5 Medium | ||
| Missing Authorization vulnerability in shiptrack Booking Calendar and Notification allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booking Calendar and Notification: from n/a through 4.0.3. | ||||
| CVE-2025-32252 | 2025-04-07 | 5.3 Medium | ||
| Missing Authorization vulnerability in blackandwhitedigital WP Genealogy – Your Family History Website allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Genealogy – Your Family History Website: from n/a through 0.1.9. | ||||
| CVE-2025-32233 | 2025-04-07 | 4.3 Medium | ||
| Missing Authorization vulnerability in WP Chill Revive.so – Bulk Rewrite and Republish Blog Posts allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Revive.so – Bulk Rewrite and Republish Blog Posts: from n/a through 2.0.3. | ||||
| CVE-2025-32253 | 2025-04-07 | 5.3 Medium | ||
| Missing Authorization vulnerability in ComMotion Course Booking System allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Course Booking System: from n/a through 6.0.5. | ||||
| CVE-2025-22285 | 2025-04-07 | 6.5 Medium | ||
| Missing Authorization vulnerability in Eniture Technology Pallet Packaging for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pallet Packaging for WooCommerce: from n/a through 1.1.15. | ||||
| CVE-2025-32229 | 2025-04-07 | 4.3 Medium | ||
| Missing Authorization vulnerability in Bowo Variable Inspector allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Variable Inspector: from n/a through 2.6.3. | ||||
| CVE-2025-32235 | 2025-04-07 | 4.3 Medium | ||
| Missing Authorization vulnerability in sonaar MP3 Audio Player for Music, Radio & Podcast by Sonaar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through 5.9.4. | ||||
| CVE-2025-32225 | 2025-04-07 | 5.3 Medium | ||
| Missing Authorization vulnerability in WP Event Manager WP Event Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Event Manager: from n/a through 3.1.47. | ||||
| CVE-2025-32219 | 2025-04-07 | 5.4 Medium | ||
| Missing Authorization vulnerability in Syntactics, Inc. eaSYNC allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects eaSYNC: from n/a through 1.3.19. | ||||
| CVE-2025-2933 | 2025-04-07 | 8.8 High | ||
| The Email Notifications for Updates plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the awun_import_settings() function in all versions up to, and including, 1.1.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. | ||||
| CVE-2025-24249 | 1 Apple | 1 Macos | 2025-04-07 | 9.8 Critical |
| A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to check the existence of an arbitrary path on the file system. | ||||
| CVE-2025-24259 | 1 Apple | 1 Macos | 2025-04-07 | 9.8 Critical |
| This issue was addressed with additional entitlement checks. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to retrieve Safari bookmarks without an entitlement check. | ||||
| CVE-2025-24245 | 1 Apple | 1 Macos | 2025-04-04 | 9.8 Critical |
| This issue was addressed by adding a delay between verification code attempts. This issue is fixed in macOS Sequoia 15.4. A malicious app may be able to access a user's saved passwords. | ||||
| CVE-2024-0893 | 1 Schemaapp | 1 Schema App Structured Data | 2025-04-04 | 4.3 Medium |
| The Schema App Structured Data plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the MarkupUpdate function in all versions up to, and including, 2.1.0. This makes it possible for authenticated attackers, with subscriber access or higher, to update or delete post metadata. | ||||
| CVE-2020-22007 | 1 Okerthai | 2 G955v1, G955v1 Firmware | 2025-04-04 | 6.8 Medium |
| OS Command Injection vulnerability in OKER G955V1 v1.03.02.20161128, allows physical attackers to interrupt the boot sequence and execute arbitrary commands with root privileges. | ||||
| CVE-2025-31182 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-04-04 | 9.8 Critical |
| This issue was addressed with improved handling of symlinks. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to delete files for which it does not have permission. | ||||
| CVE-2025-31194 | 1 Apple | 1 Macos | 2025-04-04 | 9.8 Critical |
| An authentication issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A Shortcut may run with admin privileges without authentication. | ||||
| CVE-2025-30461 | 1 Apple | 1 Macos | 2025-04-04 | 9.8 Critical |
| An access issue was addressed with additional sandbox restrictions on the system pasteboards. This issue is fixed in macOS Sequoia 15.4. An app may be able to access protected user data. | ||||
| CVE-2024-1376 | 1 Avecnous | 1 Event Post | 2025-04-04 | 4.3 Medium |
| The Event post plugin for WordPress is vulnerable to unauthorized bulk metadata update due to a missing capability check on the save_bulkdatas function in all versions up to, and including, 5.9.4. This makes it possible for authenticated attackers, with subscriber access or higher, to update post_meta_data. | ||||