Total
4406 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-4445 | 1 Leap13 | 1 Premium Addons For Elementor | 2025-03-06 | 6.5 Medium |
| The Premium Addons for Elementor plugin for WordPress is vulnerable to Arbitrary Option Updates in versions up to, and including, 4.5.1. This is due to missing capability and nonce checks in the pa_dismiss_admin_notice AJAX action. This makes it possible for authenticated subscriber+ attackers to change arbitrary options with a restricted value of 1 on vulnerable WordPress sites. | ||||
| CVE-2022-47478 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-06 | 5.5 Medium |
| In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | ||||
| CVE-2022-47477 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-06 | 5.5 Medium |
| In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | ||||
| CVE-2022-47475 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-06 | 5.5 Medium |
| In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | ||||
| CVE-2022-47474 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-06 | 5.5 Medium |
| In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | ||||
| CVE-2023-45272 | 1 10web | 1 Map Builder For Google Maps | 2025-03-06 | 5.4 Medium |
| Missing Authorization vulnerability in 10Web 10Web Map Builder for Google Maps allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 10Web Map Builder for Google Maps: from n/a through 1.0.73. | ||||
| CVE-2023-47807 | 1 10web | 1 10webanalytics | 2025-03-06 | 4.3 Medium |
| Missing Authorization vulnerability in 10Web 10WebAnalytics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 10WebAnalytics: from n/a through 1.2.12. | ||||
| CVE-2025-1666 | 2025-03-06 | 4.3 Medium | ||
| The Cookie banner plugin for WordPress – Cookiebot CMP by Usercentrics plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the send_uninstall_survey() function in all versions up to, and including, 4.4.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to submit the uninstall survey on behalf of a website. | ||||
| CVE-2023-4059 | 1 Cozmoslabs | 1 Profile Builder | 2025-03-06 | 4.3 Medium |
| The Profile Builder WordPress plugin before 3.9.8 lacks authorisation and CSRF in its page creation function which allows unauthenticated users to create the register, log-in and edit-profile pages from the plugin on the blog | ||||
| CVE-2022-47479 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-06 | 5.5 Medium |
| In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | ||||
| CVE-2022-47476 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-06 | 5.5 Medium |
| In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | ||||
| CVE-2023-26510 | 1 Ghost | 1 Ghost | 2025-03-06 | 5.7 Medium |
| Ghost 5.35.0 allows authorization bypass: contributors can view draft posts of other users, which is arguably inconsistent with a security policy in which a contributor's draft can only be read by editors until published by an editor. NOTE: the vendor's position is that this behavior has no security impact. | ||||
| CVE-2024-10860 | 1 Xlplugins | 1 Nextmove | 2025-03-06 | 4.3 Medium |
| The NextMove Lite – Thank You Page for WooCommerce plugin for WordPress is vulnerable to unauthorized submission of data due to a missing capability check on the _submit_uninstall_reason_action() function in all versions up to, and including, 2.19.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to submit a deactivation reason on behalf of a site. | ||||
| CVE-2025-27666 | 2025-03-05 | 9.8 Critical | ||
| Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Insufficient Authorization Checks OVE-20230524-0010. | ||||
| CVE-2022-47483 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-05 | 5.5 Medium |
| In telephony service, there is a missing permission check. This could lead to local denial of service in telephone service with no additional execution privileges needed. | ||||
| CVE-2022-47482 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-05 | 5.5 Medium |
| In telephony service, there is a missing permission check. This could lead to local denial of service in telephone service with no additional execution privileges needed. | ||||
| CVE-2022-47481 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-05 | 5.5 Medium |
| In telephony service, there is a missing permission check. This could lead to local denial of service in telephone service with no additional execution privileges needed. | ||||
| CVE-2022-47480 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-05 | 5.5 Medium |
| In telephony service, there is a missing permission check. This could lead to local denial of service in telephone service with no additional execution privileges needed. | ||||
| CVE-2025-1891 | 1 Qzw1210 | 1 Shishuocms | 2025-03-05 | 4.3 Medium |
| A vulnerability was found in shishuocms 1.1 and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2023-22858 | 1 Blogengine | 1 Blogengine.net | 2025-03-05 | 5.3 Medium |
| An Improper Access Control vulnerability in BlogEngine.NET 3.3.8.0, allows unauthenticated visitors to access the files of unpublished blogs. | ||||