Total
4930 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-37903 | 1 Joinmastodon | 1 Mastodon | 2025-06-24 | N/A | 8.2 HIGH |
| Mastodon is a self-hosted, federated microblogging platform. Starting in version 2.6.0 and prior to versions 4.1.18 and 4.2.10, by crafting specific activities, an attacker can extend the audience of a post they do not own to other Mastodon users on a target server, thus gaining access to the contents of a post not intended for them. Versions 4.1.18 and 4.2.10 contain a patch for this issue. | |||||
| CVE-2025-4571 | 2025-06-23 | N/A | 5.4 MEDIUM | ||
| The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized view and modification of data due to an insufficient capability check on the permissionsCheck functions in all versions up to, and including, 4.3.0. This makes it possible for authenticated attackers, with Contributor-level access and above, to view or delete fundraising campaigns, view donors' data, modify campaign events, etc. | |||||
| CVE-2025-49987 | 2025-06-23 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in WPFactory CRM ERP Business Solution allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CRM ERP Business Solution: from n/a through 1.13. | |||||
| CVE-2025-49974 | 2025-06-23 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in upstreamplugin UpStream: a Project Management Plugin for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects UpStream: a Project Management Plugin for WordPress: from n/a through 2.1.0. | |||||
| CVE-2025-49979 | 2025-06-23 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in slui Media Hygiene allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Media Hygiene: from n/a through 4.0.1. | |||||
| CVE-2025-49993 | 2025-06-23 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in Cookie Script Cookie-Script.com allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cookie-Script.com: from n/a through 1.2.1. | |||||
| CVE-2025-49988 | 2025-06-23 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in Renzo Contact Form 7 AWeber Extension allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Contact Form 7 AWeber Extension: from n/a through 0.1.38. | |||||
| CVE-2025-49990 | 2025-06-23 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in contentstudio ContentStudio allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects ContentStudio: from n/a through 1.3.4. | |||||
| CVE-2025-49998 | 2025-06-23 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in Wetail WooCommerce Fortnox Integration allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WooCommerce Fortnox Integration: from n/a through 4.5.5. | |||||
| CVE-2025-50010 | 2025-06-23 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in Zapier Zapier for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Zapier for WordPress: from n/a through 1.5.2. | |||||
| CVE-2025-49982 | 2025-06-23 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in aguilatechnologies WP Customer Area allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Customer Area: from n/a through 8.2.5. | |||||
| CVE-2025-50009 | 2025-06-23 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in Climax Themes Kata Plus allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Kata Plus: from n/a through 1.5.3. | |||||
| CVE-2025-49970 | 2025-06-23 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in sparklewpthemes Hello FSE Blog allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Hello FSE Blog: from n/a through 1.0.6. | |||||
| CVE-2025-49973 | 2025-06-23 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in GrandPlugins Image Sizes Controller, Create Custom Image Sizes, Disable Image Sizes allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Image Sizes Controller, Create Custom Image Sizes, Disable Image Sizes: from n/a through 1.0.9. | |||||
| CVE-2025-49986 | 2025-06-23 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in thanhtungtnt Video List Manager allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Video List Manager: from n/a through 1.7. | |||||
| CVE-2025-50008 | 2025-06-23 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in cscode WooCommerce Manager – Customize and Control Cart page, Add to Cart button, Checkout fields easily allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WooCommerce Manager – Customize and Control Cart page, Add to Cart button, Checkout fields easily: from n/a through 1.2.4.5. | |||||
| CVE-2025-49997 | 2025-06-23 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in Syed Balkhi Giveaways and Contests by RafflePress allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Giveaways and Contests by RafflePress: from n/a through 1.12.17. | |||||
| CVE-2025-50034 | 2025-06-23 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in Mahmudul Hasan Arif Enhanced Blocks – Page Builder Blocks for Gutenberg allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Enhanced Blocks – Page Builder Blocks for Gutenberg: from n/a through 1.4.1. | |||||
| CVE-2025-49981 | 2025-06-23 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in mahabub81 User Roles and Capabilities allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects User Roles and Capabilities: from n/a through 1.2.6. | |||||
| CVE-2024-53298 | 2025-06-23 | N/A | 9.8 CRITICAL | ||
| Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.0.1, contains a missing authorization vulnerability in the NFS export. An unauthenticated attacker with remote access could potentially exploit this vulnerability leading to unauthorized filesystem access. The attacker may be able to read, modify, and delete arbitrary files. This vulnerability is considered critical as it can be leveraged to fully compromise the system. Dell recommends customers to upgrade at the earliest opportunity. | |||||