Total
5103 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-4520 | 2025-05-16 | N/A | 5.4 MEDIUM | ||
| The Uncanny Automator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple AJAX functions in versions up to, and including, 6.4.0.2. This makes it possible for authenticated attackers, with subscriber-level permissions or above to update plugin settings. | |||||
| CVE-2024-58101 | 2025-05-16 | N/A | 8.1 HIGH | ||
| Samsung Galaxy Buds and Galaxy Buds 2 audio devices are Bluetooth pairable by default without user input nor a way to stop this mode. As a consequence, audio playback takeover or even microphone recording without user consent or notification is achieved. Note: This is considered a low severity vulnerability by the vendor. | |||||
| CVE-2024-56006 | 2025-05-16 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in Automattic Jetpack Debug Tools.This issue affects Jetpack Debug Tools: from n/a before 2.0.1. | |||||
| CVE-2024-51666 | 2025-05-16 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in Automattic Tours.This issue affects Tours: from n/a through 1.0.0. | |||||
| CVE-2025-47580 | 2025-05-16 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in Rustaurius Front End Users allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Front End Users: from n/a through 3.2.32. | |||||
| CVE-2025-3624 | 2025-05-16 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view component).This issue affects Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.4-00. | |||||
| CVE-2023-7268 | 1 Artplacer | 1 Artplacer Widget | 2025-05-16 | N/A | 6.5 MEDIUM |
| The ArtPlacer Widget WordPress plugin before 2.21.2 does not have authorisation check in place when deleting widgets, allowing ay authenticated users, such as subscriber, to delete arbitrary widgets | |||||
| CVE-2024-1110 | 1 Podlove | 1 Podlove Podcast Publisher | 2025-05-15 | N/A | 5.3 MEDIUM |
| The Podlove Podcast Publisher plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the init() function in all versions up to, and including, 4.0.11. This makes it possible for unauthenticated attackers to import the plugin's settings. | |||||
| CVE-2024-0797 | 1 Pluginus | 1 Woot | 2025-05-15 | N/A | 4.3 MEDIUM |
| The Active Products Tables for WooCommerce. Professional products tables for WooCommerce store plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several functions in all versions up to, and including, 1.0.6.1. This makes it possible for subscribers and higher to execute functions intended for admin use. | |||||
| CVE-2024-0324 | 1 Cozmoslabs | 1 Profile Builder | 2025-05-15 | N/A | 8.2 HIGH |
| The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wppb_two_factor_authentication_settings_update' function in all versions up to, and including, 3.10.8. This makes it possible for unauthenticated attackers to enable or disable the 2FA functionality present in the Premium version of the plugin for arbitrary user roles. | |||||
| CVE-2022-38670 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-05-15 | N/A | 7.8 HIGH |
| In soundrecorder service, there is a missing permission check. This could lead to elevation of privilege in contacts service with no additional execution privileges needed. | |||||
| CVE-2024-43118 | 1 Incsub | 1 Hummingbird | 2025-05-15 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in WPMU DEV Hummingbird allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hummingbird: from n/a through 3.9.1. | |||||
| CVE-2022-39113 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-05-15 | N/A | 5.5 MEDIUM |
| In Music service, there is a missing permission check. This could lead to local denial of service in Music service with no additional execution privileges needed. | |||||
| CVE-2022-39109 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-05-15 | N/A | 7.8 HIGH |
| In Music service, there is a missing permission check. This could lead to elevation of privilege in Music service with no additional execution privileges needed. | |||||
| CVE-2022-39108 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-05-15 | N/A | 7.8 HIGH |
| In Music service, there is a missing permission check. This could lead to elevation of privilege in Music service with no additional execution privileges needed. | |||||
| CVE-2022-39107 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-05-15 | N/A | 7.8 HIGH |
| In Soundrecorder service, there is a missing permission check. This could lead to elevation of privilege in Soundrecorder service with no additional execution privileges needed. | |||||
| CVE-2022-39103 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-05-15 | N/A | 5.5 MEDIUM |
| In Gallery service, there is a missing permission check. This could lead to local denial of service in Gallery service with no additional execution privileges needed. | |||||
| CVE-2022-39080 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-05-15 | N/A | 7.8 HIGH |
| In messaging service, there is a missing permission check. This could lead to elevation of privilege in contacts service with no additional execution privileges needed. | |||||
| CVE-2022-38698 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-05-15 | N/A | 7.8 HIGH |
| In messaging service, there is a missing permission check. This could lead to elevation of privilege in contacts service with no additional execution privileges needed. | |||||
| CVE-2022-38697 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-05-15 | N/A | 5.5 MEDIUM |
| In messaging service, there is a missing permission check. This could lead to access unexpected provider in contacts service with no additional execution privileges needed. | |||||