Total
7279 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-39975 | 1 Liferay | 2 Dxp, Liferay Portal | 2025-05-27 | 4.3 Medium |
| The Layout module in Liferay Portal v7.3.3 through v7.4.3.34, and Liferay DXP 7.3 before update 10, and 7.4 before update 35 does not check user permission before showing the preview of a "Content Page" type page, allowing attackers to view unpublished "Content Page" pages via URL manipulation. | ||||
| CVE-2022-38512 | 1 Liferay | 2 Dxp, Liferay Portal | 2025-05-27 | 6.5 Medium |
| The Translation module in Liferay Portal v7.4.3.12 through v7.4.3.36, and Liferay DXP 7.4 update 8 through 36 does not check permissions before allowing a user to export a web content for translation, allowing attackers to download a web content page's XLIFF translation file via crafted URL. | ||||
| CVE-2021-41803 | 1 Hashicorp | 1 Consul | 2025-05-27 | 7.1 High |
| HashiCorp Consul 1.8.1 up to 1.11.8, 1.12.4, and 1.13.1 do not properly validate the node or segment names prior to interpolation and usage in JWT claim assertions with the auto config RPC. Fixed in 1.11.9, 1.12.5, and 1.13.2." | ||||
| CVE-2024-13703 | 1 Vcita | 1 Crm And Lead Management By Vcita | 2025-05-26 | 4.3 Medium |
| The CRM and Lead Management by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcita_ajax_toggle_ae() function in all versions up to, and including, 2.7.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to enable and disable plugin widgets. | ||||
| CVE-2025-2104 | 1 Pagelayer | 1 Pagelayer | 2025-05-26 | 4.3 Medium |
| The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to unauthorized post publication due to insufficient validation on the pagelayer_save_content() function in all versions up to, and including, 1.9.8. This makes it possible for authenticated attackers, with Contributor-level access and above, to bypass post moderation and publish posts to the site. | ||||
| CVE-2024-13358 | 1 Themekraft | 1 Buddypress Woocommerce My Account Integration | 2025-05-26 | 4.3 Medium |
| The BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wc4bp_delete_page() function in all versions up to, and including, 3.4.24. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugins page setting. | ||||
| CVE-2025-1780 | 1 Themekraft | 1 Buddypress Woocommerce My Account Integration | 2025-05-26 | 4.3 Medium |
| The BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wc4bp_delete_page() function in all versions up to, and including, 3.4.25. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugins page setting. | ||||
| CVE-2022-34344 | 1 Rymera | 1 Wholesale Suite | 2025-05-23 | 5.4 Medium |
| Missing Authorization vulnerability in Rymera Web Co Wholesale Suite – WooCommerce Wholesale Prices, B2B, Catalog Mode, Order Form, Wholesale User Roles, Dynamic Pricing & More.This issue affects Wholesale Suite – WooCommerce Wholesale Prices, B2B, Catalog Mode, Order Form, Wholesale User Roles, Dynamic Pricing & More: from n/a through 2.1.5. | ||||
| CVE-2022-36418 | 1 Dcgws | 1 Hreflang Tags Lite | 2025-05-23 | 6.5 Medium |
| Missing Authorization vulnerability in Vagary Digital HREFLANG Tags Lite.This issue affects HREFLANG Tags Lite: from n/a through 2.0.0. | ||||
| CVE-2023-34379 | 1 Magneticone | 1 Magento To Woocommerce Migration | 2025-05-23 | 5.4 Medium |
| Missing Authorization vulnerability in MagneticOne Cart2Cart: Magento to WooCommerce Migration.This issue affects Cart2Cart: Magento to WooCommerce Migration: from n/a through 2.0.0. | ||||
| CVE-2023-23882 | 1 Brainstormforce | 1 Ultimate Addons For Beaver Builder | 2025-05-23 | 4.3 Medium |
| Missing Authorization vulnerability in Brainstorm Force Ultimate Addons for Beaver Builder – Lite.This issue affects Ultimate Addons for Beaver Builder – Lite: from n/a through 1.5.5. | ||||
| CVE-2022-42884 | 1 Themeinprogress | 1 Wip Custom Login | 2025-05-23 | 5.4 Medium |
| Missing Authorization vulnerability in ThemeinProgress WIP Custom Login.This issue affects WIP Custom Login: from n/a through 1.2.7. | ||||
| CVE-2019-6538 | 1 Medtronic | 40 Amplia Crt-d, Amplia Crt-d Firmware, Carelink 2090 and 37 more | 2025-05-22 | 9.3 Critical |
| The Conexus telemetry protocol utilized within Medtronic MyCareLink Monitor versions 24950 and 24952, CareLink Monitor version 2490C, CareLink 2090 Programmer, Amplia CRT-D, Claria CRT-D, Compia CRT-D, Concerto CRT-D, Concerto II CRT-D, Consulta CRT-D, Evera ICD, Maximo II CRT-D and ICD, Mirro ICD, Nayamed ND ICD, Primo ICD, Protecta ICD and CRT-D, Secura ICD, Virtuoso ICD, Virtuoso II ICD, Visia AF ICD, and Viva CRT-D does not implement authentication or authorization. An attacker with adjacent short-range access to an affected product, in situations where the product’s radio is turned on, can inject, replay, modify, and/or intercept data within the telemetry communication. This communication protocol provides the ability to read and write memory values to affected implanted cardiac devices; therefore, an attacker could exploit this communication protocol to change memory in the implanted cardiac device. | ||||
| CVE-2022-35249 | 1 Rocket.chat | 1 Rocket.chat | 2025-05-22 | 4.3 Medium |
| A information disclosure vulnerability exists in Rocket.Chat <v5 where the getUserMentionsByChannel meteor server method discloses messages from private channels and direct messages regardless of the users access permission to the room. | ||||
| CVE-2022-35247 | 1 Rocket.chat | 1 Rocket.chat | 2025-05-22 | 4.3 Medium |
| A information disclosure vulnerability exists in Rocket.chat <v5, <v4.8.2 and <v4.7.5 where the lack of ACL checks in the getRoomRoles Meteor method leak channel members with special roles to unauthorized clients. | ||||
| CVE-2022-32220 | 1 Rocket.chat | 1 Rocket.chat | 2025-05-22 | 6.5 Medium |
| An information disclosure vulnerability exists in Rocket.Chat <v5 due to the getUserMentionsByChannel meteor server method discloses messages from private channels and direct messages regardless of the users access permission to the room. | ||||
| CVE-2022-2987 | 1 Ldap Wp Login \/ Active Directory Integration Project | 1 Ldap Wp Login \/ Active Directory Integration | 2025-05-22 | 7.5 High |
| The Ldap WP Login / Active Directory Integration WordPress plugin before 3.0.2 does not have any authorisation and CSRF checks when updating it's settings (which are hooked to the init action), allowing unauthenticated attackers to update them. Attackers could set their own LDAP server to be used to authenticated users, therefore bypassing the current authentication | ||||
| CVE-2024-6328 | 2 Fluxbuilder, Inspireui | 2 Mstore Api, Mstore Api | 2025-05-21 | 9.8 Critical |
| The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 4.14.7. This is due to insufficient verification on the 'phone' parameter of the 'firebase_sms_login' and 'firebase_sms_login_v2' functions. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email address or phone number. Additionally, if a new email address is supplied, a new user account is created with the default role, even if registration is disabled. | ||||
| CVE-2025-39388 | 2025-05-21 | 5.3 Medium | ||
| Missing Authorization vulnerability in Solid Plugins AnalyticsWP allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects AnalyticsWP: from n/a through 2.0.0. | ||||
| CVE-2025-39350 | 2025-05-21 | 8.2 High | ||
| Missing Authorization vulnerability in Rocket Apps wProject.This issue affects wProject: from n/a before 5.8.0. | ||||