Filtered by CWE-284
Total 3244 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2022-41155 1 Webence 1 Iq Block Country 2025-02-20 5.3 Medium
Block BYPASS vulnerability in iQ Block Country plugin <= 1.2.18 on WordPress.
CVE-2022-40216 1 Wordplus 1 Better Messages 2025-02-20 4.3 Medium
Auth. (subscriber+) Messaging Block Bypass vulnerability in Better Messages plugin <= 1.9.10.69 on WordPress.
CVE-2021-36913 1 Redirection-for-contact-form7 1 Redirection For Contact Form 7 2025-02-20 7.5 High
Unauthenticated Options Change and Content Injection vulnerability in Qube One Redirection for Contact Form 7 plugin <= 2.4.0 at WordPress allows attackers to change options and inject scripts into the footer HTML. Requires an additional extension (plugin) AccessiBe.
CVE-2022-41135 1 Wpchill 1 Customizable Wordpress Gallery Plugin - Modula Image Gallery 2025-02-20 6.5 Medium
Unauth. Plugin Settings Change vulnerability in Modula plugin <= 2.6.9 on WordPress.
CVE-2020-35546 2025-02-20 9.1 Critical
Lexmark MX6500 LW75.JD.P296 and previous devices have Incorrect Access Control via the access control settings.
CVE-2023-27517 1 Intel 16 Nma1xxd128gpsu4, Nma1xxd128gpsuf, Nma1xxd256gpsu4 and 13 more 2025-02-20 6.6 Medium
Improper access control in some Intel(R) Optane(TM) PMem software before versions 01.00.00.3547, 02.00.00.3915, 03.00.00.0483 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-22311 1 Intel 7 Nma1xxd128gpsu4, Nma1xxd128gpsuf, Nma1xxd256gpsu4 and 4 more 2025-02-20 6.7 Medium
Improper access control in some Intel(R) Optane(TM) PMem 100 Series Management Software before version 01.00.00.3547 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2025-21105 2025-02-20 6.6 Medium
Dell RecoverPoint for Virtual Machines 6.0.X contains a command execution vulnerability. A low-privileged malicious user with local access could potentially exploit this vulnerability by running the specific binary and performing any administrative action permitted by it, resulting in shutting down the server or modifying the configuration, leading to access to unauthorized data.
CVE-2022-24972 1 Tp-link 2 Tl-wr940n, Tl-wr940n Firmware 2025-02-19 6.5 Medium
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR940N 3.20.1 Build 200316 Rel.34392n (5553) routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from the lack of proper access control. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-13911.
CVE-2023-1647 1 Cal 1 Cal.com 2025-02-19 8.8 High
Improper Access Control in GitHub repository calcom/cal.com prior to 2.7.
CVE-2025-20153 2025-02-19 5.8 Medium
A vulnerability in the email filtering mechanism of Cisco Secure Email Gateway could allow an unauthenticated, remote attacker to bypass the configured rules and allow emails that should have been denied to flow through an affected device. This vulnerability is due to improper handling of email that passes through an affected device. An attacker could exploit this vulnerability by sending a crafted email through the affected device. A successful exploit could allow the attacker to bypass email filters on the affected device.
CVE-2024-56883 2025-02-19 8.1 High
Sage DPW before 2024_12_001 is vulnerable to Incorrect Access Control. The implemented role-based access controls are not always enforced on the server side. Low-privileged Sage users with employee role privileges can create external courses for other employees, even though they do not have the option to do so in the user interface. To do this, a valid request to create a course simply needs to be modified, so that the current user ID in the "id" parameter is replaced with the ID of another user.
CVE-2024-13854 2025-02-19 4.3 Medium
The Education Addon for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.1 via the naedu_elementor_template shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract information from posts that are not public, including drafts, password protected, and restricted posts. This applies to posts created with Elementor only.
CVE-2025-1390 2025-02-18 6.1 Medium
The PAM module pam_cap.so of libcap configuration supports group names starting with “@”. During actual parsing, configurations not starting with “@” are incorrectly recognized as group names. This may result in unintended users being granted an inherited capability set, potentially leading to security risks. Attackers can exploit this vulnerability to achieve local privilege escalation on systems where /etc/security/capability.conf is used to configure user inherited privileges by constructing specific usernames.
CVE-2025-0745 2025-02-18 7.5 High
An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to obtain the backups of the database by requesting the "/embedai/app/uploads/database/<SQL_FILE>" endpoint.
CVE-2025-0744 2025-02-18 7.5 High
An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to change his subscription plan without paying by making a POST request changing the parameters of the "/demos/embedai/pmt_cash_on_delivery/pay" endpoint.
CVE-2025-0743 2025-02-18 5.3 Medium
An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to leverage the endpoint "/embedai/visits/show/<VISIT_ID>" to obtain information about the visits made by other users. The information provided by this endpoint includes IP address, userAgent and location of the user that visited the web page.
CVE-2025-0742 2025-02-18 5.8 Medium
An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to obtain files stored by other users by changing the "FILE_ID" of the endpoint "/embedai/files/show/<FILE_ID>".
CVE-2025-0741 2025-02-18 5.8 Medium
An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to write messages into other users' chats by changing the parameter "chat_id" of the POST request "/embedai/chats/send_message".
CVE-2022-47542 1 Red-gate 1 Sql Monitor 2025-02-18 8.8 High
Red Gate SQL Monitor 11.0.14 through 12.1.46 has Incorrect Access Control, exploitable remotely for Escalation of Privileges.