Total
5660 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-43431 | 1 Jenkins | 1 Compuware Strobe Measurement | 2025-05-08 | N/A | 4.3 MEDIUM |
| Jenkins Compuware Strobe Measurement Plugin 1.0.1 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | |||||
| CVE-2022-43427 | 1 Jenkins | 1 Compuware Topaz For Total Test | 2025-05-08 | N/A | 4.3 MEDIUM |
| Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | |||||
| CVE-2022-43421 | 1 Jenkins | 1 Tuleap Git Branch Source | 2025-05-08 | N/A | 5.3 MEDIUM |
| A missing permission check in Jenkins Tuleap Git Branch Source Plugin 3.2.4 and earlier allows unauthenticated attackers to trigger Tuleap projects whose configured repository matches the attacker-specified value. | |||||
| CVE-2022-43417 | 1 Jenkins | 1 Katalon | 2025-05-08 | N/A | 4.3 MEDIUM |
| Jenkins Katalon Plugin 1.0.32 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
| CVE-2023-30586 | 1 Nodejs | 1 Node.js | 2025-05-08 | N/A | 7.5 HIGH |
| A privilege escalation vulnerability exists in Node.js 20 that allowed loading arbitrary OpenSSL engines when the experimental permission model is enabled, which can bypass and/or disable the permission model. The attack complexity is high. However, the crypto.setEngine() API can be used to bypass the permission model when called with a compatible OpenSSL engine. The OpenSSL engine can, for example, disable the permission model in the host process by manipulating the process's stack memory to locate the permission model Permission::enabled_ in the host process's heap memory. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js. | |||||
| CVE-2025-47471 | 2025-05-08 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in EnvoThemes Envo Extra allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Envo Extra: from n/a through 1.9.9. | |||||
| CVE-2025-47465 | 2025-05-08 | N/A | 4.9 MEDIUM | ||
| Missing Authorization vulnerability in CreativeThemes Blocksy allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Blocksy: from n/a through 2.0.97. | |||||
| CVE-2025-47457 | 2025-05-08 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in dgamoni LocateAndFilter allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects LocateAndFilter: from n/a through 1.6.16. | |||||
| CVE-2025-47472 | 2025-05-08 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in codepeople Music Player for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Music Player for WooCommerce: from n/a through 1.5.1. | |||||
| CVE-2025-47469 | 2025-05-08 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in slui Media Hygiene allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Media Hygiene: from n/a through 4.0.0. | |||||
| CVE-2025-47467 | 2025-05-08 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in GS Plugins GS Testimonial Slider allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GS Testimonial Slider: from n/a through 3.3.0. | |||||
| CVE-2025-47486 | 2025-05-08 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in CyberChimps Gutenberg & Elementor Templates Importer For Responsive allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Gutenberg & Elementor Templates Importer For Responsive: from n/a through 3.1.9. | |||||
| CVE-2025-47480 | 2025-05-08 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in Iqonic Design Graphina allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Graphina: from n/a through 3.0.4. | |||||
| CVE-2025-47528 | 2025-05-08 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in pewilliams Ovation Elements allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ovation Elements: from n/a through 1.1.2. | |||||
| CVE-2025-47526 | 2025-05-08 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in GS Plugins GS Variation Swatches for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GS Variation Swatches for WooCommerce: from n/a through 3.0.4. | |||||
| CVE-2025-47485 | 2025-05-08 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in CozyThemes Cozy Blocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cozy Blocks: from n/a through 2.1.22. | |||||
| CVE-2025-47450 | 2025-05-08 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in Mitchell Bennis Simple File List allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Simple File List: from n/a through 6.1.13. | |||||
| CVE-2025-47591 | 2025-05-08 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in CreedAlly Bulk Featured Image allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Bulk Featured Image: from n/a through 1.2.1. | |||||
| CVE-2025-47692 | 2025-05-08 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in contentstudio ContentStudio allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ContentStudio: from n/a through 1.3.3. | |||||
| CVE-2025-47602 | 2025-05-08 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in ammarahmad786 Calculate Prices based on Distance For WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Calculate Prices based on Distance For WooCommerce: from n/a through 1.3.5. | |||||