Total
6215 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-41417 | 1 Blogengine | 1 Blogengine.net | 2025-04-03 | 9.8 Critical |
| BlogEngine.NET v3.3.8.0 allows an attacker to create any folder with "files" prefix under ~/App_Data/. | ||||
| CVE-2024-12955 | 1 Phpgurukul | 1 Blood Bank \& Donor Management System | 2025-04-03 | 4.3 Medium |
| A vulnerability has been found in PHPGurukul Blood Bank & Donor Management System 2.4 and classified as problematic. This vulnerability affects unknown code of the file /logout.php. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-1843 | 1 Flamescorpion | 1 Auto Affiliate Links | 2025-04-03 | 4.3 Medium |
| The Auto Affiliate Links plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the aalAddLink function in all versions up to, and including, 6.4.3. This makes it possible for authenticated attackers, with subscriber access or higher, to add arbitrary links to posts. | ||||
| CVE-2024-1862 | 1 Renventura | 1 Woocommerce Add To Cart Custom Redirect | 2025-04-03 | 8.1 High |
| The WooCommerce Add to Cart Custom Redirect plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'wcr_dismiss_admin_notice' function in all versions up to, and including, 1.2.13. This makes it possible for authenticated attackers, with contributor access and above, to update the values of arbitrary site options to 'dismissed'. | ||||
| CVE-2025-31580 | 2025-04-03 | 7.5 High | ||
| Missing Authorization vulnerability in Anzar Ahmed Ni WooCommerce Product Enquiry allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Ni WooCommerce Product Enquiry: from n/a through 4.1.8. | ||||
| CVE-2006-4483 | 1 Php | 1 Php | 2025-04-03 | N/A |
| The cURL extension files (1) ext/curl/interface.c and (2) ext/curl/streams.c in PHP before 5.1.5 permit the CURLOPT_FOLLOWLOCATION option when open_basedir or safe_mode is enabled, which allows attackers to perform unauthorized actions, possibly related to the realpath cache. | ||||
| CVE-2005-3623 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-04-03 | N/A |
| nfs2acl.c in the Linux kernel 2.6.14.4 does not check for MAY_SATTR privilege before setting access controls (ACL) on files on exported NFS filesystems, which allows remote attackers to bypass ACLs for readonly mounted NFS filesystems. | ||||
| CVE-2023-35040 | 1 Pressified | 1 Sendpress | 2025-04-03 | 5.3 Medium |
| Missing Authorization vulnerability in SendPress SendPress Newsletters.This issue affects SendPress Newsletters: from n/a through 1.23.11.6. | ||||
| CVE-2024-32778 | 1 Contest-gallery | 1 Contest Gallery | 2025-04-03 | 8.5 High |
| Missing Authorization vulnerability in Contest Gallery.This issue affects Contest Gallery: from n/a through 21.3.4. | ||||
| CVE-2025-31777 | 2025-04-02 | 5.3 Medium | ||
| Missing Authorization vulnerability in BeastThemes Clockinator Lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Clockinator Lite: from n/a through 1.0.7. | ||||
| CVE-2025-31780 | 2025-04-02 | 6.5 Medium | ||
| Missing Authorization vulnerability in Andy Stratton Append Content allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Append Content: from n/a through 2.1.1. | ||||
| CVE-2025-31798 | 2025-04-02 | 4.3 Medium | ||
| Missing Authorization vulnerability in publitio Publitio allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Publitio: from n/a through 2.1.8. | ||||
| CVE-2025-31799 | 2025-04-02 | 4.3 Medium | ||
| Missing Authorization vulnerability in publitio Publitio allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Publitio: from n/a through 2.1.8. | ||||
| CVE-2023-24431 | 1 Jenkins | 1 Orka By Macstadium | 2025-04-02 | 4.3 Medium |
| A missing permission check in Jenkins Orka by MacStadium Plugin 1.31 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | ||||
| CVE-2023-20916 | 1 Google | 1 Android | 2025-04-02 | 7.8 High |
| In getMainActivityLaunchIntent of LauncherAppsService.java, there is a possible way to bypass the restrictions on starting activities from the background due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-229256049 | ||||
| CVE-2023-20912 | 1 Google | 1 Android | 2025-04-02 | 7.8 High |
| In onActivityResult of AvatarPickerActivity.java, there is a possible way to access images belonging to other users due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-246301995 | ||||
| CVE-2022-3482 | 1 Gitlab | 1 Gitlab | 2025-04-02 | 5.3 Medium |
| An improper access control issue in GitLab CE/EE affecting all versions from 11.3 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allowed an unauthorized user to see release names even when releases we set to be restricted to project members only | ||||
| CVE-2025-30825 | 2025-04-02 | 8.8 High | ||
| Missing Authorization vulnerability in WPClever WPC Smart Linked Products - Upsells & Cross-sells for WooCommerce allows Privilege Escalation. This issue affects WPC Smart Linked Products - Upsells & Cross-sells for WooCommerce: from n/a through 1.3.5. | ||||
| CVE-2025-31525 | 2025-04-02 | 4.3 Medium | ||
| Missing Authorization vulnerability in WP Messiah WP Mobile Bottom Menu allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Mobile Bottom Menu: from n/a through 1.2.9. | ||||
| CVE-2023-24453 | 1 Jenkins | 1 Testquality Updater | 2025-04-02 | 6.5 Medium |
| A missing check in Jenkins TestQuality Updater Plugin 1.3 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password. | ||||