CVEs from 2025
Total
8,971
critical
critical 1,368
high
high 2,067
medium
medium 2,068
low
low 204
% Critical
15.2%
% with KEV
2.0%
% with exploit
2.8%
Top vendors
- qualcomm 1,123
- fabian 285
- campcodes 232
- phpgurukul 189
- code-projects 121
- redhat 110
- microsoft 107
- portabilis 94
Top products
- i-educar 80
- office_long_term_servicing_channel 35
- office 34
- best_salon_management_system 33
- apartment_management_system 30
- gcp 29
- inventory_management_system 28
- online_learning_management_system 21
Top packages
- Go/github.com/mattermost/mattermost/server/v8 258
- Go/github.com/mattermost/mattermost-server 249
- Packagist/magento/community-edition 231
- Packagist/moodle/moodle 162
- Go/github.com/mattermost/mattermost-server/v5 99
- Go/github.com/mattermost/mattermost-server/v6 99
- Maven/com.liferay.portal:release.dxp.bom 61
- Maven/org.apache.tomcat.embed:tomcat-embed-core 53
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-5972 | medium | 5.4 | 5.4 | 1y ago | A vulnerability classified as problematic has been found in PHPGurukul Restaurant Table Booking System 1.0. Affected is an unknown function of the file /admin/manage-subadmins.php. The manipulation o… | |||
| CVE-2025-5970 | medium | 5.4 | 5.4 | 1y ago | A vulnerability was found in PHPGurukul Restaurant Table Booking System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/add-subadmin.php. Th… | |||
| CVE-2025-5887 | medium | 5.4 | 5.4 | 1y ago | A vulnerability was found in jsnjfz WebStack-Guns 1.0. It has been classified as problematic. Affected is an unknown function of the file UserMgrController.java of the component File Upload. The mani… | |||
| CVE-2025-5884 | medium | 5.4 | 5.4 | 1y ago | A vulnerability, which was classified as problematic, was found in Konica Minolta bizhub up to 20250202. This affects an unknown part of the component Display MFP Information List. The manipulation o… | |||
| CVE-2025-5879 | medium | 5.4 | 5.4 | 1y ago | A vulnerability, which was classified as problematic, was found in WuKongOpenSource WukongCRM 9.0. This affects an unknown part of the file AdminSysConfigController.java of the component File Upload.… | |||
| CVE-2025-5797 | medium | 5.4 | 5.4 | 1y ago | A vulnerability was found in code-projects Laundry System 1.0 and classified as problematic. This issue affects some unknown processing of the file /data/insert_type.php. The manipulation of the argu… | |||
| CVE-2025-5796 | medium | 5.4 | 5.4 | 1y ago | A vulnerability has been found in code-projects Laundry System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /data/edit_type.php. The manipulation of the argu… | |||
| CVE-2025-5765 | medium | 5.4 | 5.4 | 1y ago | A vulnerability was found in code-projects Laundry System 1.0. It has been classified as problematic. This affects an unknown part of the file /data/edit_laundry.php. The manipulation of the argument… | |||
| CVE-2025-5764 | medium | 5.4 | 5.4 | 1y ago | A vulnerability was found in code-projects Laundry System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /data/insert_laundry.php. The manipulatio… | |||
| CVE-2025-5757 | medium | 5.4 | 5.4 | 1y ago | A vulnerability was found in code-projects Traffic Offense Reporting System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /save-reported.php.… | |||
| CVE-2025-5727 | medium | 5.4 | 5.4 | 1y ago | A vulnerability classified as problematic has been found in SourceCodester Student Result Management System 1.0. This affects an unknown part of the file /script/academic/announcement of the componen… | |||
| CVE-2025-5726 | medium | 5.4 | 5.4 | 1y ago | A vulnerability was found in SourceCodester Student Result Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /script/academic/d… | |||
| CVE-2025-5721 | medium | 5.4 | 5.4 | 1y ago | A vulnerability, which was classified as problematic, was found in SourceCodester Student Result Management System 1.0. This affects an unknown part of the file /script/academic/core/update_profile o… | |||
| CVE-2025-5713 | medium | 5.4 | 5.4 | 1y ago | A vulnerability was found in SoluçõesCoop iSoluçõesWEB up to 20250519 and classified as problematic. Affected by this issue is some unknown functionality of the file /fluxos-dashboard of the componen… | |||
| CVE-2025-46258 | medium | 5.4 | 5.4 | 1y ago | Missing Authorization vulnerability in BdThemes Element Pack Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Element Pack Pro: from n/a before 8.0.0. | |||
| CVE-2025-5127 | medium | 5.4 | 5.4 | 1y ago | A vulnerability was determined in Teledyne FLIR AX8 up to 1.46.16. This issue affects some unknown processing of the file /prod.php. Executing manipulation of the argument cmd can lead to cross site … | |||
| CVE-2025-22287 | medium | 5.4 | 5.4 | 1y ago | Missing Authorization vulnerability in enituretechnology LTL Freight Quotes – FreightQuote Edition ltl-freight-quotes-freightquote-edition allows Exploiting Incorrectly Configured Access Control Secu… | |||
| CVE-2025-48342 | medium | 5.4 | 5.4 | 1y ago | Cross-Site Request Forgery (CSRF) vulnerability in RedefiningTheWeb Dynamic Pricing & Discounts Lite for WooCommerce woo-dynamic-pricing-discounts-lite allows Cross Site Request Forgery.This issue af… | |||
| CVE-2025-46535 | medium | 5.4 | 5.4 | 1y ago | Missing Authorization vulnerability in AlphaEfficiencyTeam Custom Login and Registration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Custom Login and Re… | |||
| CVE-2025-46225 | medium | 5.4 | 5.4 | 1y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michael Post in page for Elementor allows DOM-Based XSS. This issue affects Post in page for Elem… | |||
| CVE-2025-30966 | medium | 5.4 | 5.4 | 1y ago | Path Traversal vulnerability in NotFound WPJobBoard allows Path Traversal. This issue affects WPJobBoard: from n/a through n/a. | |||
| CVE-2025-32246 | medium | 5.4 | 5.4 | 1y ago | Missing Authorization vulnerability in Tim Nguyen 1-Click Backup & Restore Database 1-click-backup-restore-database-by-sunbytes allows Exploiting Incorrectly Configured Access Control Security Levels… | |||
| CVE-2025-32178 | medium | 5.4 | 5.4 | 1y ago | Missing Authorization vulnerability in 6Storage 6Storage Rentals 6storage-rentals allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 6Storage Rentals: from n/a… | |||
| CVE-2025-31439 | medium | 5.4 | 5.4 | 1y ago | Cross-Site Request Forgery (CSRF) vulnerability in tobias_.MerZ Browser Caching with .htaccess allows Cross Site Request Forgery. This issue affects Browser Caching with .htaccess: from 1.2.1 through… | |||
| CVE-2025-22770 | medium | 5.4 | 5.4 | 1y ago | Missing Authorization vulnerability in EnvoThemes Envo Multipurpose allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Envo Multipurpose: from n/a through 1.1.… | |||
| CVE-2025-27809 | medium | 5.4 | 5.4 | 1y ago | Mbed TLS before 2.28.10 and 3.x before 3.6.3, on the client side, accepts servers that have trusted certificates for arbitrary hostnames unless the TLS client application calls mbedtls_ssl_set_hostna… | |||
| CVE-2025-1391 | medium | 5.4 | 5.4 | 1y ago | Improper Authorization in Keycloak Organization Mapper Allows Unauthorized Organization Claims | |||
| CVE-2025-23917 | medium | 5.4 | 5.4 | 1y ago | Missing Authorization vulnerability in Chandrika Guntur, Morgan Kay Chamber Dashboard Business Directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cha… | |||
| CVE-2025-23761 | medium | 5.4 | 5.4 | 1y ago | Missing Authorization vulnerability in Alex Volkov Woo Tuner allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Woo Tuner: from n/a through 0.1.2. | |||
| CVE-2025-52609 | medium | 5.3 | 5.3 | 2d ago | HCL iControl was affected by Missing Security Headers vulnerability. which lead to cross-site scripting (XSS) attacks by enabling the built-in XSS filtering mechanisms of modern web browsers. | |||
| CVE-2025-53302 | medium | 5.3 | 5.3 | 5d ago | Missing Authorization vulnerability in Anton Shevchuk Constructor allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Constructor: from n/a through 1.6.5. | |||
| CVE-2025-12714 | medium | 5.3 | 5.3 | 8d ago | The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the update_site_editor_homepage function in al… | |||
| CVE-2025-67903 | medium | 5.3 | 5.3 | 11d ago | Northern.tech Mender Client 5 before 5.0.4 allows a Cryptographic signature verification bypass. | |||
| CVE-2025-36145 | medium | 5.3 | 5.3 | 11d ago | IBM watsonx.data 2.2 through 2.3.1 IBM Lakehouse does not properly restrict inbound and outbound connections which could allow an attacker to transfer or modify files without restrictions. | |||
| CVE-2025-15369 | medium | 5.3 | 5.3 | 18d ago | The Xpro Addons — 140+ Widgets for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the get_content_editor function in all versio… | |||
| CVE-2025-13465 | medium | 5.3 | 5.3 | 19d ago | Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the _.unset and _.omit functions. An attacker can pass crafted paths which cause Lodash to delete methods from global pr… | |||
| CVE-2025-64526 | medium | 5.3 | 5.3 | 23d ago | Strapi has a rate limit bypass on users-permissions plugin via attacker-controlled email keying | |||
| CVE-2025-14033 | medium | 5.3 | 5.3 | 25d ago | The ilGhera Support System for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_ticket_content_callback' function in all ver… | |||
| CVE-2025-9987 | medium | 5.3 | 5.3 | 25d ago | The Broadstreet plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.53.1 via the get_sponsored_meta() AJAX action. This makes it possible for … | |||
| CVE-2025-14755 | medium | 5.3 | 5.3 | 25d ago | The Cost Calculator Builder plugin for WordPress is vulnerable to Unauthenticated Price Manipulation and Insecure Direct Object Reference (IDOR) in all versions up to, and including, 4.0.1 only when … | |||
| CVE-2025-67604 | medium | 5.3 | 5.3 | 25d ago | A use of potentially dangerous function vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.8, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions,… | |||
| CVE-2025-69233 | medium | 5.3 | 5.3 | 29d ago | Due to multiple time-of-check time-of-use race conditions in the resource count check and increment logic, as well as missing validations, users of the platform are able to exceed the allocation limi… | |||
| CVE-2025-66105 | medium | 5.3 | 5.3 | 1mo ago | Missing Authorization vulnerability in Magepeople inc. Bus Ticket Booking with Seat Reservation allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Bus Ticket… | |||
| CVE-2025-2514 | medium | 5.3 | 5.3 | 1mo ago | Improper restriction of excessive authentication attempts vulnerability in Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platfor… | |||
| CVE-2025-31960 | medium | 5.3 | 5.3 | 1mo ago | HCL BigFix Service Management (SM) is vulnerable to information exposure due to improper error handling within its reporting module. It was observed that supplying an invalid or out-of-range value to… | |||
| CVE-2025-31975 | medium | 5.3 | 5.3 | 1mo ago | HCL BigFix Service Management (SM) is affected by an Information Disclosure – Server Banner issue was identified. Exposed server banners may reveal software versions and system details, potentially a… | |||
| CVE-2025-59853 | medium | 5.3 | 5.3 | 1mo ago | HCL DFXAnalytics is affected by an Improper Error Handling vulnerability where the application exposes detailed stack traces in responses, which could allow an attacker to gain insights into the appl… | |||
| CVE-2025-14688 | medium | 5.3 | 5.3 | 1mo ago | IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial of service due to improper neutr… | |||
| CVE-2025-60887 | medium | 5.3 | 5.3 | 1mo ago | An issue was discovered in Cista v0.15 and below. Insecure deserialization of untrusted input under certain conditions may lead to leaking of stack/heap addresses which may be used to bypass ASLR. Cl… | |||
| CVE-2025-52641 | medium | 5.3 | 5.3 | 2mo ago | HCL AION is affected by a vulnerability where certain system behaviours may allow exploration of internal filesystem structures. Exposure of such information may provide insights into the underlying … | |||
| CVE-2025-13822 | medium | 5.3 | 5.3 | 2mo ago | MCPHub has an authentication bypass | |||
| CVE-2025-67806 | medium | 5.3 | 5.3 | 2mo ago | The login mechanism of Sage DPW 2021_06_004 displays distinct responses for valid and invalid usernames, allowing enumeration of existing accounts in versions before 2021_06_000. On-premise administr… | |||
| CVE-2025-69727 | medium | 5.3 | 5.3 | 3mo ago | An Incorrect Access Control vulnerability exists in INDEX-EDUCATION PRONOTE prior to 2025.2.8. The affected components (index.js and composeUrlImgPhotoIndividu) allow the construction of direct URLs … | |||
| CVE-2025-52646 | medium | 5.3 | 5.3 | 3mo ago | HCL AION is affected by a vulnerability where certain offering configurations may permit execution of potentially harmful SQL queries. Improper validation or restrictions on query execution could exp… | |||
| CVE-2025-14831 | medium | 5.3 | 5.3 | 3mo ago | RHSA-2026:5585: gnutls security update (Moderate) | |||
| CVE-2025-70040 | medium | 5.3 | 5.3 | 3mo ago | An issue pertaining to CWE-532: Insertion of Sensitive Information into Log File was discovered in LupinLin1 jimeng-web-mcp v2.1.2. This allows an attacker to obtain sensitive information. | |||
| CVE-2025-7630 | medium | 5.3 | 5.3 | 4mo ago | Improper Restriction of Excessive Authentication Attempts, Improper Authentication vulnerability in Doruk Communication and Automation Industry and Trade Inc. Wispotter allows Password Brute Forcing,… | |||
| CVE-2025-31051 | medium | 5.3 | 5.3 | 5mo ago | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in EngoTheme Plant - Gardening & Houseplants WordPress Theme allows Retrieve Embedded Sensitive Data.This issu… | |||
| CVE-2025-69364 | medium | 5.3 | 5.3 | 5mo ago | Missing Authorization vulnerability in Cloudways Breeze breeze allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Breeze: from n/a through <= 2.2.21. | |||
| CVE-2025-62116 | medium | 5.3 | 5.3 | 5mo ago | Missing Authorization vulnerability in quadlayers AI Copilot ai-copilot allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AI Copilot: from n/a through <= 1.5.… | |||
| CVE-2025-62092 | medium | 5.3 | 5.3 | 5mo ago | Missing Authorization vulnerability in Wiremo Wiremo woo-reviews-by-wiremo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wiremo: from n/a through <= 1.4.9… | |||
| CVE-2025-62079 | medium | 5.3 | 5.3 | 5mo ago | Missing Authorization vulnerability in Damian WP Export Categories & Taxonomies wp-export-categories-taxonomies allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affe… | |||
| CVE-2025-49334 | medium | 5.3 | 5.3 | 5mo ago | Authorization Bypass Through User-Controlled Key vulnerability in Eduardo Villão MyD Delivery myd-delivery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects M… | |||
| CVE-2025-63016 | medium | 5.3 | 5.3 | 5mo ago | Missing Authorization vulnerability in quadlayers QuadLayers TikTok Feed wp-tiktok-feed allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects QuadLayers TikTok Fe… | |||
| CVE-2025-62081 | medium | 5.3 | 5.3 | 5mo ago | Missing Authorization vulnerability in Channelize.io Team Live Shopping & Shoppable Videos For WooCommerce live-shopping-video-streams allows Exploiting Incorrectly Configured Access Control Security… | |||
| CVE-2025-69031 | medium | 5.3 | 5.3 | 5mo ago | Missing Authorization vulnerability in Skywarrior Arcane arcane allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Arcane: from n/a through <= 3.6.6. | |||
| CVE-2025-69027 | medium | 5.3 | 5.3 | 5mo ago | Missing Authorization vulnerability in tychesoftwares Product Delivery Date for WooCommerce – Lite product-delivery-date-for-woocommerce-lite allows Exploiting Incorrectly Configured Access Control S… | |||
| CVE-2025-69009 | medium | 5.3 | 5.3 | 5mo ago | Missing Authorization vulnerability in kamleshyadav Medicalequipment medicalequipment allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Medicalequipment: from… | |||
| CVE-2025-15013 | medium | 5.3 | 5.3 | 6mo ago | A vulnerability was identified in floooh sokol up to 5d11344150973f15e16d3ec4ee7550a73fb995e0. The impacted element is the function _sg_validate_pipeline_desc in the library sokol_gfx.h. Such manipul… | |||
| CVE-2025-14953 | medium | 5.3 | 5.3 | 6mo ago | A flaw has been found in Open5GS up to 2.7.5. This impacts the function ogs_pfcp_handle_create_pdr in the library lib/pfcp/handler.c of the component FAR-ID Handler. Executing a manipulation can lead… | |||
| CVE-2025-14699 | medium | 5.3 | 5.3 | 6mo ago | A security vulnerability has been detected in Municorn FAX App 3.27.0 on Android. This vulnerability affects unknown code of the component biz.faxapp.app. Such manipulation leads to path traversal. T… | |||
| CVE-2025-14617 | medium | 5.3 | 5.3 | 6mo ago | A vulnerability has been found in Jehovahs Witnesses JW Library App up to 15.5.1 on Android. Affected is an unknown function of the component org.jw.jwlibrary.mobile.activity.SiloContainer. Such mani… | |||
| CVE-2025-14569 | medium | 5.3 | 5.3 | 6mo ago | A vulnerability was detected in ggml-org whisper.cpp up to 1.8.2. Affected is the function read_audio_data of the file /whisper.cpp/examples/common-whisper.cpp. The manipulation results in use after … | |||
| CVE-2025-14517 | medium | 5.3 | 5.3 | 6mo ago | A vulnerability was determined in Yalantis uCrop 2.2.11. This affects the function UCropActivity of the file AndroidManifest.xml. Executing manipulation can lead to improper export of android applic… | |||
| CVE-2025-62085 | medium | 5.3 | 5.3 | 6mo ago | Missing Authorization vulnerability in Bertha AI – Andrew Palmer BERTHA AI bertha-ai-free allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BERTHA AI: from n/… | |||
| CVE-2025-49348 | medium | 5.3 | 5.3 | 6mo ago | Missing Authorization vulnerability in Hype Hype pico allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hype: from n/a through <= 1.0.5. | |||
| CVE-2025-10876 | medium | 5.3 | 5.3 | 6mo ago | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Talent Software e-BAP Automation allows Cross-Site Scripting (XSS). This issue affects e-… | |||
| CVE-2025-13789 | medium | 5.3 | 5.3 | 6mo ago | A vulnerability was found in ZenTao up to 21.7.6-8564. This affects the function makeRequest of the file module/ai/model.php. The manipulation of the argument Base results in server-side request forg… | |||
| CVE-2025-13117 | medium | 5.3 | 5.3 | 7mo ago | A security vulnerability has been detected in macrozheng mall-swarm and mall up to 1.0.3. Affected by this vulnerability is the function cancelOrder of the file /order/cancelOrder. The manipulation o… | |||
| CVE-2025-13116 | medium | 5.3 | 5.3 | 7mo ago | A weakness has been identified in macrozheng mall-swarm and mall up to 1.0.3. Affected is the function cancelUserOrder of the file /order/cancelUserOrder. Executing manipulation of the argument order… | |||
| CVE-2025-13115 | medium | 5.3 | 5.3 | 7mo ago | A security flaw has been discovered in macrozheng mall-swarm and mall up to 1.0.3. This impacts the function detail of the file /order/detail/ of the component Order Details Handler. Performing manip… | |||
| CVE-2025-13114 | medium | 5.3 | 5.3 | 7mo ago | A vulnerability was identified in macrozheng mall-swarm up to 1.0.3. This affects the function updateAttr of the file /cart/update/attr. Such manipulation leads to improper authorization. The attack … | |||
| CVE-2025-12918 | medium | 5.3 | 5.3 | 7mo ago | Skuul School Management System has an Insecure Direct Object Reference (IDOR) Vulnerability in View Fee Invoice | |||
| CVE-2025-7700 | medium | 5.3 | 5.3 | 7mo ago | A flaw was found in FFmpeg’s ALS audio decoder, where it does not properly check for memory allocation failures. This can cause the application to crash when processing certain malformed audio files.… | |||
| CVE-2025-58595 | medium | 5.3 | 5.3 | 7mo ago | Authentication Bypass by Spoofing vulnerability in Saad Iqbal All In One Login change-wp-admin-login allows Identity Spoofing.This issue affects All In One Login: from n/a through <= 2.0.8. | |||
| CVE-2025-61795 | medium | 5.3 | 5.3 | 7mo ago | Improper Resource Shutdown or Release vulnerability in Apache Tomcat. If an error occurred (including exceeding limits) during the processing of a multipart upload, temporary copies of the uploaded … | |||
| CVE-2025-56009 | medium | 5.3 | 5.3 | 8mo ago | Cross site request forgery (CSRF) vulnerability in KeeneticOS before 4.3 at "/rci" API endpoint allows attackers to take over the device via adding additional users with full permissions by managing … | |||
| CVE-2025-49913 | medium | 5.3 | 5.3 | 8mo ago | Missing Authorization vulnerability in CoSchedule CoSchedule coschedule-by-todaymade allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CoSchedule: from n/a th… | |||
| CVE-2025-49906 | medium | 5.3 | 5.3 | 8mo ago | Missing Authorization vulnerability in StellarWP WPComplete wpcomplete allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPComplete: from n/a through <= 2.9.5.3. | |||
| CVE-2025-49903 | medium | 5.3 | 5.3 | 8mo ago | Missing Authorization vulnerability in bdthemes ZoloBlocks zoloblocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ZoloBlocks: from n/a through <= 2.3.11. | |||
| CVE-2025-49899 | medium | 5.3 | 5.3 | 8mo ago | Missing Authorization vulnerability in jjlemstra Whydonate wp-whydonate allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Whydonate: from n/a through <= 4.0.15. | |||
| CVE-2025-49376 | medium | 5.3 | 5.3 | 8mo ago | Missing Authorization vulnerability in DELUCKS DELUCKS SEO delucks-seo allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects DELUCKS SEO: from n/a through <= 2.5.9. | |||
| CVE-2025-11015 | medium | 5.3 | 5.3 | 8mo ago | A weakness has been identified in OGRECave Ogre up to 14.4.1. Impacted is the function STBIImageCodec::encode of the file /ogre/PlugIns/STBICodec/src/OgreSTBICodec.cpp. This manipulation causes misma… | |||
| CVE-2025-11025 | medium | 5.3 | 5.3 | 8mo ago | Insertion of Sensitive Information Into Sent Data vulnerability in Vimesoft Information Technologies and Software Inc. Vimesoft Corporate Messaging Platform allows Retrieve Embedded Sensitive Data. … | |||
| CVE-2025-11010 | medium | 5.3 | 5.3 | 8mo ago | A vulnerability has been found in vstakhov libucl up to 0.9.2. Affected by this vulnerability is the function ucl_include_common of the file /src/ucl_util.c. Such manipulation leads to heap-based buf… | |||
| CVE-2025-10977 | medium | 5.3 | 5.3 | 8mo ago | A vulnerability was identified in JeecgBoot up to 3.8.2. Impacted is an unknown function of the file /sys/tenant/deleteBatch. The manipulation of the argument ids leads to improper authorization. The… | |||
| CVE-2025-10976 | medium | 5.3 | 5.3 | 8mo ago | A vulnerability was determined in JeecgBoot up to 3.8.2. This issue affects some unknown processing of the file /api/getDepartUserList. Executing manipulation of the argument departId can lead to imp… | |||
| CVE-2025-10824 | medium | 5.3 | 5.3 | 9mo ago | A vulnerability was determined in axboe fio up to 3.41. This impacts the function __parse_jobs_ini of the file init.c. Executing manipulation can lead to use after free. The attack needs to be launch… | |||
| CVE-2025-57976 | medium | 5.3 | 5.3 | 9mo ago | Missing Authorization vulnerability in CardCom CardCom Payment Gateway woo-cardcom-payment-gateway allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CardCom P… | |||
| CVE-2025-10722 | medium | 5.3 | 5.3 | 9mo ago | A vulnerability was detected in SKTLab Mukbee App 1.01.196 on Android. This affects an unknown function of the file AndroidManifest.xml of the component com.dw.android.mukbee. The manipulation result… |