Total
5091 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-54011 | 2025-07-16 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in SMTP2GO SMTP2GO allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SMTP2GO: from n/a through 1.12.1. | |||||
| CVE-2025-48150 | 2025-07-16 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in Bill Minozzi Real Estate Property 2024 Create Your Own Fields and Search Bar WP Plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Real Estate Property 2024 Create Your Own Fields and Search Bar WP Plugin: from n/a through 4.48. | |||||
| CVE-2025-53986 | 2025-07-16 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in ThemeIsle Hestia allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Hestia: from n/a through 3.2.10. | |||||
| CVE-2025-30959 | 2025-07-16 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in WPFactory Product XML Feed Manager for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Product XML Feed Manager for WooCommerce: from n/a through 2.9.2. | |||||
| CVE-2025-48155 | 2025-07-16 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in enituretechnology Residential Address Detection allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Residential Address Detection: from n/a through 2.5.9. | |||||
| CVE-2025-53997 | 2025-07-16 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in favethemes Houzez allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Houzez: from n/a through 4.0.4. | |||||
| CVE-2025-6043 | 2025-07-16 | N/A | 8.1 HIGH | ||
| The Malcure Malware Scanner — #1 Toolset for WordPress Malware Removal plugin for WordPress is vulnerable to Arbitrary File Deletion due to a missing capability check on the wpmr_delete_file() function in all versions up to, and including, 16.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files making remote code execution possible. This is only exploitable when advanced mode is enabled on the site. | |||||
| CVE-2025-6993 | 2025-07-16 | N/A | 7.5 HIGH | ||
| The Ultimate WP Mail plugin for WordPress is vulnerable to Privilege Escalation due to improper authorization within the get_email_log_details() AJAX handler in versions 1.0.17 to 1.3.6. The handler reads the client-supplied post_id and retrieves the corresponding email log post content (including the password-reset link), relying only on the ‘edit_posts’ capability without restricting to administrators or validating ownership. This makes it possible for authenticated attackers, with Contributor-level access and above, to harvest an admin’s reset link and elevate their privileges to administrator. | |||||
| CVE-2025-50028 | 2025-07-16 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in CodeSolz Ultimate Push Notifications allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ultimate Push Notifications: from n/a through 1.1.9. | |||||
| CVE-2025-49888 | 2025-07-16 | N/A | 7.1 HIGH | ||
| Missing Authorization vulnerability in pimwick PW WooCommerce On Sale! allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PW WooCommerce On Sale!: from n/a through 1.39. | |||||
| CVE-2025-54047 | 2025-07-16 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in QuanticaLabs Cost Calculator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cost Calculator: from n/a through 7.4. | |||||
| CVE-2025-28965 | 2025-07-16 | N/A | 8.6 HIGH | ||
| Missing Authorization vulnerability in Md Yeasin Ul Haider URL Shortener allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects URL Shortener: from n/a through 3.0.7. | |||||
| CVE-2025-52804 | 2025-07-16 | N/A | 7.5 HIGH | ||
| Missing Authorization vulnerability in uxper Nuss allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Nuss: from n/a through 1.3.3. | |||||
| CVE-2025-53825 | 2025-07-15 | N/A | 9.4 CRITICAL | ||
| Dokploy is a free, self-hostable Platform as a Service (PaaS). Prior to version 0.24.3, an unauthenticated preview deployment vulnerability in Dokploy allows any user to execute arbitrary code and access sensitive environment variables by simply opening a pull request on a public repository. This exposes secrets and potentially enables remote code execution, putting all public Dokploy users using these preview deployments at risk. Version 0.24.3 contains a fix for the issue. | |||||
| CVE-2025-53959 | 2025-07-15 | N/A | 7.6 HIGH | ||
| In JetBrains YouTrack before 2025.2.86069, 2024.3.85077, 2025.1.86199 email spoofing via an administrative API was possible | |||||
| CVE-2024-5820 | 1 Stitionai | 1 Devika | 2025-07-15 | N/A | 8.8 HIGH |
| An unprotected WebSocket connection in the latest version of stitionai/devika (commit ecee79f) allows a malicious website to connect to the backend and issue commands on behalf of the user. The backend serves all listeners on the given socket, enabling any such malicious website to intercept all communication between the user and the backend. This vulnerability can lead to unauthorized command execution and potential server-side request forgery. | |||||
| CVE-2025-52954 | 2025-07-15 | N/A | 7.8 HIGH | ||
| A Missing Authorization vulnerability in the internal virtual routing and forwarding (VRF) of Juniper Networks Junos OS Evolved allows a local, low-privileged user to gain root privileges, leading to a system compromise. Any low-privileged user with the capability to send packets over the internal VRF can execute arbitrary Junos commands and modify the configuration, and thus compromise the system. This issue affects Junos OS Evolved: * All versions before 22.2R3-S7-EVO, * from 22.4 before 22.4R3-S7-EVO, * from 23.2 before 23.2R2-S4-EVO, * from 23.4 before 23.4R2-S5-EVO, * from 24.2 before 24.2R2-S1-EVO * from 24.4 before 24.4R1-S2-EVO, 24.4R2-EVO. | |||||
| CVE-2025-52950 | 2025-07-15 | N/A | 9.6 CRITICAL | ||
| A Missing Authorization vulnerability in Juniper Networks Security Director allows an unauthenticated network-based attacker to read or tamper with multiple sensitive resources via the web interface. Numerous endpoints on the Juniper Security Director appliance do not validate authorization and will deliver information to the caller that is outside their authorization level. An attacker can access data that is outside the user's authorization level. The information obtained can be used to gain access to additional information or perpetrate other attacks, impacting downstream managed devices. This issue affects Security Director version 24.4.1. | |||||
| CVE-2025-5394 | 2025-07-15 | N/A | 9.8 CRITICAL | ||
| The Alone – Charity Multipurpose Non-profit WordPress Theme theme for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the alone_import_pack_install_plugin() function in all versions up to, and including, 7.8.3. This makes it possible for unauthenticated attackers to upload zip files containing webshells disguised as plugins from remote locations to achieve remote code execution. | |||||
| CVE-2024-11724 | 1 Wpeka | 1 Wp Cookie Consent | 2025-07-14 | N/A | 4.3 MEDIUM |
| The Cookie Consent for WP – Cookie Consent, Consent Log, Cookie Scanner, Script Blocker (for GDPR, CCPA & ePrivacy) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpl_script_save AJAX action in all versions up to, and including, 3.6.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to whitelist scripts. | |||||