Total
4661 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-24431 | 1 Jenkins | 1 Orka By Macstadium | 2025-04-02 | N/A | 4.3 MEDIUM |
| A missing permission check in Jenkins Orka by MacStadium Plugin 1.31 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | |||||
| CVE-2023-20916 | 1 Google | 1 Android | 2025-04-02 | N/A | 7.8 HIGH |
| In getMainActivityLaunchIntent of LauncherAppsService.java, there is a possible way to bypass the restrictions on starting activities from the background due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-229256049 | |||||
| CVE-2023-20912 | 1 Google | 1 Android | 2025-04-02 | N/A | 7.8 HIGH |
| In onActivityResult of AvatarPickerActivity.java, there is a possible way to access images belonging to other users due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-246301995 | |||||
| CVE-2025-2779 | 2025-04-02 | N/A | 6.5 MEDIUM | ||
| The Insert Headers and Footers Code – HT Script plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_dismiss function in all versions up to, and including, 1.1.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update option values to 1/true on the WordPress site. This can be leveraged to update an option that would create an error on the site and deny access to legitimate users or be used to set some values to true, such as registration. | |||||
| CVE-2025-30825 | 2025-04-02 | N/A | 8.8 HIGH | ||
| Missing Authorization vulnerability in WPClever WPC Smart Linked Products - Upsells & Cross-sells for WooCommerce allows Privilege Escalation. This issue affects WPC Smart Linked Products - Upsells & Cross-sells for WooCommerce: from n/a through 1.3.5. | |||||
| CVE-2024-13637 | 2025-04-02 | N/A | 6.5 MEDIUM | ||
| The Demo Awesome plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the install_plugin function in all versions up to, and including, 1.0.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install and activate arbitrary plugins.. | |||||
| CVE-2025-31628 | 2025-04-02 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in SlicedInvoices Sliced Invoices. This issue affects Sliced Invoices: from n/a through 3.9.4. | |||||
| CVE-2025-31580 | 2025-04-02 | N/A | 7.5 HIGH | ||
| Missing Authorization vulnerability in Anzar Ahmed Ni WooCommerce Product Enquiry allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Ni WooCommerce Product Enquiry: from n/a through 4.1.8. | |||||
| CVE-2025-31525 | 2025-04-02 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in WP Messiah WP Mobile Bottom Menu allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Mobile Bottom Menu: from n/a through 1.2.9. | |||||
| CVE-2025-3063 | 2025-04-02 | N/A | 8.8 HIGH | ||
| The Shopper Approved Reviews plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ajax_callback_update_sa_option() function in versions 2.0 to 2.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. | |||||
| CVE-2025-30853 | 2025-04-02 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in ShortPixel ShortPixel Adaptive Images allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ShortPixel Adaptive Images: from n/a through 3.10.0. | |||||
| CVE-2023-24453 | 1 Jenkins | 1 Testquality Updater | 2025-04-02 | N/A | 6.5 MEDIUM |
| A missing check in Jenkins TestQuality Updater Plugin 1.3 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password. | |||||
| CVE-2023-24448 | 1 Jenkins | 1 Rabbitmq Consumer | 2025-04-02 | N/A | 6.5 MEDIUM |
| A missing permission check in Jenkins RabbitMQ Consumer Plugin 2.8 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified AMQP(S) URL using attacker-specified username and password. | |||||
| CVE-2023-24438 | 1 Jenkins | 1 Jira Pipeline Steps | 2025-04-02 | N/A | 6.5 MEDIUM |
| A missing permission check in Jenkins JIRA Pipeline Steps Plugin 2.0.165.v8846cf59f3db and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
| CVE-2023-24436 | 1 Jenkins | 1 Github Pull Request Builder | 2025-04-02 | N/A | 4.3 MEDIUM |
| A missing permission check in Jenkins GitHub Pull Request Builder Plugin 1.42.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | |||||
| CVE-2023-24435 | 1 Jenkins | 1 Github Pull Request Builder | 2025-04-02 | N/A | 6.5 MEDIUM |
| A missing permission check in Jenkins GitHub Pull Request Builder Plugin 1.42.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
| CVE-2023-24433 | 1 Jenkins | 1 Orka By Macstadium | 2025-04-02 | N/A | 6.5 MEDIUM |
| Missing permission checks in Jenkins Orka by MacStadium Plugin 1.31 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
| CVE-2025-27666 | 1 Printerlogic | 2 Vasion Print, Virtual Appliance | 2025-04-01 | N/A | 9.8 CRITICAL |
| Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Insufficient Authorization Checks OVE-20230524-0010. | |||||
| CVE-2025-31555 | 2025-04-01 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in ContentMX ContentMX Content Publisher allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ContentMX Content Publisher: from n/a through 1.0.6. | |||||
| CVE-2025-31539 | 2025-04-01 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in Blocksera Cryptocurrency Widgets Pack allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cryptocurrency Widgets Pack: from n/a through 2.0.1. | |||||