Total
6213 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-3624 | 1 Hitachi | 1 Ops Center Analyzer | 2025-06-24 | 4.3 Medium |
| Missing Authorization vulnerability in Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view component).This issue affects Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.4-00. | ||||
| CVE-2025-47465 | 1 Creativethemes | 1 Blocksy | 2025-06-24 | 4.9 Medium |
| Missing Authorization vulnerability in CreativeThemes Blocksy allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Blocksy: from n/a through 2.0.97. | ||||
| CVE-2025-47471 | 1 Envothemes | 1 Envo Extra | 2025-06-24 | 4.3 Medium |
| Missing Authorization vulnerability in EnvoThemes Envo Extra allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Envo Extra: from n/a through 1.9.9. | ||||
| CVE-2025-47485 | 1 Cozythemes | 1 Cozy Blocks | 2025-06-24 | 5.3 Medium |
| Missing Authorization vulnerability in CozyThemes Cozy Blocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cozy Blocks: from n/a through 2.1.22. | ||||
| CVE-2025-47486 | 1 Cyberchimps | 1 Gutenberg & Elementor Templates Importer For Responsive | 2025-06-24 | 5.3 Medium |
| Missing Authorization vulnerability in CyberChimps Gutenberg & Elementor Templates Importer For Responsive allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Gutenberg & Elementor Templates Importer For Responsive: from n/a through 3.1.9. | ||||
| CVE-2025-47563 | 1 Villatheme | 1 Curcy | 2025-06-24 | 5.3 Medium |
| Missing Authorization vulnerability in villatheme CURCY allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects CURCY: from n/a through 2.3.7. | ||||
| CVE-2025-47692 | 1 Contentstudio | 1 Contentstudio | 2025-06-24 | 4.3 Medium |
| Missing Authorization vulnerability in contentstudio ContentStudio allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ContentStudio: from n/a through 1.3.3. | ||||
| CVE-2025-47942 | 1 Openedx | 1 Edx-platform | 2025-06-24 | 5.3 Medium |
| The Open edX Platform is a learning management platform. Prior to commit 6740e75c0fdc7ba095baf88e9f5e4f3e15cfd8ba, edxapp has no built-in protection against downloading the python_lib.zip asset from courses, which is a concern since it often contains custom grading code or answers to course problems. This potentially affects any course using custom Python-graded problem blocks. The openedx/configuration repo has had a patch since 2016 in the form of an nginx rule, but this was only intended as a temporary mitigation. As the configuration repo has been deprecated and we have not been able to locate any similar protection in Tutor, it is likely that most deployments have no protection against python_lib.zip being downloaded. The recommended mitigation, implemented in commit 6740e75c0fdc7ba095baf88e9f5e4f3e15cfd8ba, restricts python_lib.zip downloads to just the course team and site staff/superusers. | ||||
| CVE-2025-48079 | 1 Metagauss | 1 Profilegrid | 2025-06-24 | 4.3 Medium |
| Missing Authorization vulnerability in Metagauss ProfileGrid allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ProfileGrid : from n/a through 5.9.5.1. | ||||
| CVE-2025-48242 | 1 Wpwax | 1 Legal Pages | 2025-06-24 | 6.5 Medium |
| Missing Authorization vulnerability in wpWax Legal Pages allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Legal Pages: from n/a through 1.4.5. | ||||
| CVE-2025-4047 | 1 Wpmudev | 1 Broken Link Checker | 2025-06-24 | 4.3 Medium |
| The Broken Link Checker plugin for WordPress is vulnerable to unauthorized data access due to a missing capability check on the ajax_full_status and ajax_dashboard_status functions in all versions up to, and including, 2.4.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view the plugin's status. | ||||
| CVE-2025-4095 | 1 Docker | 1 Docker Desktop | 2025-06-24 | N/A |
| Registry Access Management (RAM) is a security feature allowing administrators to restrict access for their developers to only allowed registries. When a MacOS configuration profile is used to enforce organization sign-in, the RAM policies are not being applied, which would allow Docker Desktop users to pull down unapproved, and potentially malicious images from any registry. | ||||
| CVE-2025-4477 | 1 Teamt5 | 1 Threatsonar Anti-ransomware | 2025-06-24 | 7.2 High |
| The ThreatSonar Anti-Ransomware from TeamT5 has a Privilege Escalation vulnerability, allowing remote attackers with intermediate privileges to escalate their privileges to highest administrator level through a specific API. | ||||
| CVE-2025-30624 | 1 Wordlift | 1 Wordlift | 2025-06-24 | 4.3 Medium |
| Missing Authorization vulnerability in WordLift WordLift allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WordLift: from n/a through 3.54.4. | ||||
| CVE-2025-5900 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2025-06-24 | 4.3 Medium |
| A vulnerability, which was classified as problematic, was found in Tenda AC9 15.03.02.13. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-30945 | 1 Taskbuilder | 1 Taskbuilder | 2025-06-24 | 5.3 Medium |
| Missing Authorization vulnerability in taskbuilder Taskbuilder allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Taskbuilder: from n/a through 4.0.3. | ||||
| CVE-2025-1233 | 1 Althemist | 1 Lafka Plugin | 2025-06-24 | 4.3 Medium |
| The Lafka Plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'lafka_options_upload' AJAX function in all versions up to, and including, 7.1.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to update the theme option that overrides the site. | ||||
| CVE-2025-49969 | 2025-06-23 | 4.3 Medium | ||
| Missing Authorization vulnerability in Zara 4 Zara 4 Image Compression allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Zara 4 Image Compression: from n/a through 1.2.17.2. | ||||
| CVE-2025-49970 | 2025-06-23 | 4.3 Medium | ||
| Missing Authorization vulnerability in sparklewpthemes Hello FSE Blog allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Hello FSE Blog: from n/a through 1.0.6. | ||||
| CVE-2025-49971 | 2025-06-23 | 4.3 Medium | ||
| Missing Authorization vulnerability in aThemeArt Translations eDS Responsive Menu allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects eDS Responsive Menu: from n/a through 1.2. | ||||