Total
5093 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-5132 | 1 Project Team | 1 Tmall Demo | 2025-06-16 | 5.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability was found in Tmall Demo up to 20250505. It has been rated as problematic. This issue affects some unknown processing of the file tmall/admin/account/logout. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-5900 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2025-06-16 | 5.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability, which was classified as problematic, was found in Tenda AC9 15.03.02.13. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-5288 | 2025-06-16 | N/A | 9.8 CRITICAL | ||
| The REST API | Custom API Generator For Cross Platform And Import Export In WP plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the process_handler() function in versions 1.0.0 to 2.0.3. This makes it possible for unauthenticated attackers to POST an arbitrary import_api URL, import specially crafted JSON, and thereby create a new user with full Administrator privileges. | |||||
| CVE-2025-6106 | 2025-06-16 | 5.0 MEDIUM | 4.3 MEDIUM | ||
| A vulnerability was found in WuKongOpenSource WukongCRM 9.0 and classified as problematic. This issue affects some unknown processing of the file AdminRoleController.java. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-6105 | 2025-06-16 | 5.0 MEDIUM | 4.3 MEDIUM | ||
| A vulnerability has been found in jflyfox jfinal_cms 5.0.1 and classified as problematic. This vulnerability affects unknown code of the file HOME.java. The manipulation of the argument Logout leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-5815 | 2025-06-16 | N/A | 5.3 MEDIUM | ||
| The Traffic Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tfcm_maybe_set_bot_flags() function in all versions up to, and including, 3.2.2. This makes it possible for unauthenticated attackers to disabled bot logging. | |||||
| CVE-2025-26846 | 1 Znuny | 1 Znuny | 2025-06-13 | N/A | 9.8 CRITICAL |
| An issue was discovered in Znuny before 7.1.4. Permissions are not checked properly when using the Generic Interface to update ticket metadata. | |||||
| CVE-2025-4327 | 1 Mrcms | 1 Mrcms | 2025-06-12 | 5.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability was found in MRCMS 3.1.2. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Multiple endpoints might be affected. | |||||
| CVE-2025-28202 | 1 Govicture | 2 Rx1800, Rx1800 Firmware | 2025-06-12 | N/A | 8.8 HIGH |
| Incorrect access control in Victure RX1800 EN_V1.0.0_r12_110933 allows attackers to enable SSH and Telnet services without authentication. | |||||
| CVE-2025-41231 | 1 Vmware | 1 Cloud Foundation | 2025-06-12 | N/A | 7.3 HIGH |
| VMware Cloud Foundation contains a missing authorisation vulnerability. A malicious actor with access to VMware Cloud Foundation appliance may be able to perform certain unauthorised actions and access limited sensitive information. | |||||
| CVE-2025-47463 | 2025-06-12 | N/A | 7.1 HIGH | ||
| Missing Authorization vulnerability in Fahad Mahmood Stock Locations for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Stock Locations for WooCommerce: from n/a through 2.8.6. | |||||
| CVE-2025-49651 | 2025-06-12 | N/A | 8.1 HIGH | ||
| Missing Authorization in Lablup's BackendAI allows attackers to takeover all active sessions; Accessing, stealing, or altering any data accessible in the session. This vulnerability exists in all current versions of BackendAI. | |||||
| CVE-2025-47527 | 2025-06-12 | N/A | 7.1 HIGH | ||
| Missing Authorization vulnerability in Icegram Icegram Collect – Easy Form, Lead Collection and Subscription plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Icegram Collect – Easy Form, Lead Collection and Subscription plugin: from n/a through 1.3.18. | |||||
| CVE-2025-49265 | 2025-06-12 | N/A | 7.5 HIGH | ||
| Missing Authorization vulnerability in WP Swings Membership For WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Membership For WooCommerce: from n/a through 2.8.1. | |||||
| CVE-2025-5885 | 2025-06-12 | 5.0 MEDIUM | 4.3 MEDIUM | ||
| A vulnerability has been found in Konica Minolta bizhub up to 20250202 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-32308 | 2025-06-12 | N/A | 7.6 HIGH | ||
| Missing Authorization vulnerability in looks_awesome Team Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Team Builder: from n/a through 1.5.7. | |||||
| CVE-2025-48139 | 2025-06-12 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in relentlo StyleAI allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects StyleAI: from n/a through 1.0.4. | |||||
| CVE-2025-48147 | 2025-06-12 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in Crypto Cloud CryptoCloud - Crypto Payment Gateway allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CryptoCloud - Crypto Payment Gateway: from n/a through 2.1.2. | |||||
| CVE-2025-5888 | 2025-06-12 | 5.0 MEDIUM | 4.3 MEDIUM | ||
| A vulnerability was found in jsnjfz WebStack-Guns 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-42991 | 2025-06-12 | N/A | 4.3 MEDIUM | ||
| SAP S/4HANA (Bank Account Application) does not perform necessary authorization checks. This allows an authenticated 'approver' user to delete attachment from bank account application of other user, leading to a low impact on integrity, with no impact on the confidentiality of the data or the availability of the application. | |||||