Total
5660 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-26705 | 1 Linux | 1 Linux Kernel | 2025-03-17 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: parisc: BTLB: Fix crash when setting up BTLB at CPU bringup When using hotplug and bringing up a 32-bit CPU, ask the firmware about the BTLB information to set up the static (block) TLB entries. For that write access to the static btlb_info struct is needed, but since it is marked __ro_after_init the kernel segfaults with missing write permissions. Fix the crash by dropping the __ro_after_init annotation. | |||||
| CVE-2025-26969 | 2025-03-15 | N/A | 8.3 HIGH | ||
| Missing Authorization vulnerability in Aldo Latino PrivateContent. This issue affects PrivateContent: from n/a through 8.11.5. | |||||
| CVE-2025-26961 | 2025-03-15 | N/A | 8.6 HIGH | ||
| Missing Authorization vulnerability in NotFound Fresh Framework allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Fresh Framework: from n/a through 1.70.0. | |||||
| CVE-2024-0780 | 1 Mediabetaprojects | 1 Enjoy Social Feed | 2025-03-14 | N/A | 8.8 HIGH |
| The Enjoy Social Feed plugin for WordPress website WordPress plugin through 6.2.2 does not have authorisation when resetting its database, allowing any authenticated users, such as subscriber to perform such action | |||||
| CVE-2024-54470 | 1 Apple | 2 Ipados, Iphone Os | 2025-03-14 | N/A | 4.6 MEDIUM |
| A logic issue was addressed with improved checks. This issue is fixed in iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1. An attacker with physical access may be able to access contacts from the lock screen. | |||||
| CVE-2024-40839 | 1 Apple | 2 Ipados, Iphone Os | 2025-03-14 | N/A | 2.4 LOW |
| This issue was addressed through improved state management. This issue is fixed in iOS 17.5 and iPadOS 17.5. An attacker with physical access to an iOS device may be able to view notification contents from the Lock Screen. | |||||
| CVE-2025-0952 | 2025-03-14 | N/A | 8.1 HIGH | ||
| The Eco Nature - Environment & Ecology WordPress Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'cmsmasters_hide_admin_notice' AJAX action in all versions up to, and including, 2.0.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update option values to 'hide' on the WordPress site. This can be leveraged to update an option that would create an error on the site and deny service to legitimate users or be used to set some values to true such as registration. | |||||
| CVE-2025-1528 | 2025-03-14 | N/A | 4.3 MEDIUM | ||
| The Search & Filter Pro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_meta_values' function in all versions up to, and including, 2.5.19. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the values of arbitrary post meta. | |||||
| CVE-2025-1285 | 2025-03-14 | N/A | 5.3 MEDIUM | ||
| The Resido - Real Estate WordPress Theme theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the delete_api_key and save_api_key AJAX actions in all versions up to, and including, 3.6. This makes it possible for unauthenticated attackers to issue requests to internal services and update API key details. | |||||
| CVE-2025-0955 | 2025-03-14 | N/A | 5.3 MEDIUM | ||
| The VidoRev Extensions plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'vidorev_import_single_video' AJAX action in all versions up to, and including, 2.9.9.9.9.9.5. This makes it possible for unauthenticated attackers to import arbitrary youtube videos. | |||||
| CVE-2024-0052 | 1 Google | 1 Android | 2025-03-13 | N/A | 3.3 LOW |
| In multiple functions of healthconnect, there is a possible leakage of exercise route data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-12876 | 1 Uxper | 1 Golo | 2025-03-13 | N/A | 9.8 CRITICAL |
| The Golo - City Travel Guide WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.6.10. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account. | |||||
| CVE-2024-12719 | 1 Iptanus | 1 Wordpress File Upload | 2025-03-13 | N/A | 4.3 MEDIUM |
| The WordPress File Upload plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'wfu_ajax_action_read_subfolders' function in all versions up to, and including, 4.24.15. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform limited path traversal to view directories and subdirectories in WordPress. Files cannot be viewed. | |||||
| CVE-2024-31332 | 1 Google | 1 Android | 2025-03-13 | N/A | 7.8 HIGH |
| In multiple locations, there is a possible way to bypass a restriction on adding new Wi-Fi connections due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-52541 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-13 | N/A | 7.5 HIGH |
| Authentication vulnerability in the API for app pre-loading. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2023-52713 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-13 | N/A | 7.7 HIGH |
| Vulnerability of improper permission control in the window management module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality. | |||||
| CVE-2024-30463 | 1 Pluginus | 1 Bear - Woocommerce Bulk Editor And Products Manager Professional | 2025-03-13 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in realmag777 BEAR.This issue affects BEAR: from n/a through 1.1.4.3. | |||||
| CVE-2024-7491 | 1 Pluginus | 1 Husky - Products Filter Professional For Woocommerce | 2025-03-12 | N/A | 5.3 MEDIUM |
| The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.6.1 via the woof_messenger_remove_subscr AJAX action due to missing validation on the 'key' user controlled key. This makes it possible for authenticated attackers, with subscriber-level access and above, to unsubscribe users from a product notification sign-ups, if they can successfully obtain or brute force the key value for users who signed up to receive notifications. This vulnerability requires the plugin's Products Messenger extension to be enabled. | |||||
| CVE-2023-40334 | 1 Pluginus | 1 Husky - Products Filter Professional For Woocommerce | 2025-03-12 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in realmag777 HUSKY allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HUSKY: from n/a through 1.3.4.2. | |||||
| CVE-2024-54268 | 1 Siteorigin | 1 Siteorigin Widgets Bundle | 2025-03-12 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in SiteOrigin SiteOrigin Widgets Bundle allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SiteOrigin Widgets Bundle: from n/a through 1.64.0. | |||||