Total
5224 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-1934 | 1 Wpcompress | 1 Wp Compress | 2025-08-09 | 7.5 High |
| The WP Compress – Image Optimizer plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wps_local_compress::__construct' function in all versions up to, and including, 6.11.10. This makes it possible for unauthenticated attackers to reset the CDN region and set a malicious URL to deliver images. | ||||
| CVE-2025-2075 | 1 Uncannyowl | 1 Uncanny Automator | 2025-08-08 | 8.8 High |
| The Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 6.3.0.2. This is due to add_role() and user_role() functions missing proper capability checks performed through the validate_rest_call() function. This makes it possible for unauthenticated attackers to set the role of arbitrary users to administrator granting full access to the site, though privilege escalation requires an active account on the site so this is considered an authenticated privilege escalation. | ||||
| CVE-2025-2807 | 2 Stylemixthemes, Wordpress | 2 Motors - Car Dealer\, Classifieds \& Listing, Wordpress | 2025-08-08 | 8.8 High |
| The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to arbitrary plugin installations due to a missing capability check in the mvl_setup_wizard_install_plugin() function in all versions up to, and including, 1.4.64. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install and activate arbitrary plugins on the affected site's server which may make remote code execution possible. | ||||
| CVE-2025-3437 | 2 Stylemixthemes, Wordpress | 2 Motors - Car Dealer\, Classifieds \& Listing, Wordpress | 2025-08-08 | 4.3 Medium |
| The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in the ajax_actions.php file in all versions up to, and including, 1.4.66. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute several initial set-up actions. | ||||
| CVE-2024-12244 | 1 Gitlab | 1 Gitlab | 2025-08-08 | 4.3 Medium |
| An issue has been discovered in access controls could allow users to view certain restricted project information even when related features are disabled in GitLab EE, affecting all versions from 17.7 prior to 17.9.7, 17.10 prior to 17.10.5, and 17.11 prior to 17.11.1. | ||||
| CVE-2024-39546 | 1 Juniper | 1 Junos Os Evolved | 2025-08-08 | 7.3 High |
| A Missing Authorization vulnerability in the Socket Intercept (SI) command file interface of Juniper Networks Junos OS Evolved allows an authenticated, low-privilege local attacker to modify certain files, allowing the attacker to cause any command to execute with root privileges leading to privilege escalation ultimately compromising the system. This issue affects Junos OS Evolved: * All versions prior to 21.2R3-S8-EVO, * 21.4 versions prior to 21.4R3-S6-EVO, * 22.1 versions prior to 22.1R3-S5-EVO, * 22.2 versions prior to 22.2R3-S3-EVO, * 22.3 versions prior to 22.3R3-S3-EVO, * 22.4 versions prior to 22.4R3-EVO, * 23.2 versions prior to 23.2R2-EVO. | ||||
| CVE-2025-43720 | 1 H-mdm | 1 Headwind Mdm | 2025-08-07 | 6.5 Medium |
| Headwind MDM before 5.33.1 makes configuration details accessible to unauthorized users. The Configuration profile is exposed to the Observer user role, revealing the password requires to escape out of the MDM controlled device's profile. | ||||
| CVE-2025-43977 | 1 Sktelecom | 1 Com.skt.prod.dialer | 2025-08-07 | 4.3 Medium |
| The com.skt.prod.dialer application through 12.5.0 for Android enables any installed application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.skt.prod.dialer.activities.outgoingcall.OutgoingCallInternalBroadcaster component. | ||||
| CVE-2025-43976 | 1 Textnow | 1 2ndline | 2025-08-07 | 4.3 Medium |
| The com.enflick.android.tn2ndLine application through 24.17.1.0 for Android enables any installed application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.enflick.android.TextNow.activities.DialerActivity component. | ||||
| CVE-2025-26901 | 1 Brizy | 1 Brizy | 2025-08-07 | 4.3 Medium |
| Missing Authorization vulnerability in Brizy Brizy Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Brizy Pro: from n/a through 2.6.1. | ||||
| CVE-2025-8595 | 2 Themegrill, Wordpress | 2 Zakra, Wordpress | 2025-08-06 | 4.3 Medium |
| The Zakra theme for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the welcome_notice_import_handler() function in all versions up to, and including, 4.1.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to import demo settings. | ||||
| CVE-2025-51308 | 2025-08-06 | 5.3 Medium | ||
| In Gatling Enterprise versions below 1.25.0, a low-privileged user that does not hold the role "admin" could perform a REST API call on read-only endpoints, allowing him to collect some information, due to missing authorization checks. | ||||
| CVE-2024-3976 | 1 Gitlab | 1 Gitlab | 2025-08-06 | 6.5 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.0 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. It was possible to disclose via the UI the confidential issues title and description from a public project to unauthorised instance users. | ||||
| CVE-2024-1539 | 1 Gitlab | 1 Gitlab | 2025-08-06 | 4.3 Medium |
| An issue has been discovered in GitLab EE affecting all versions starting from 15.2 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. It was possible to disclose updates to issues to a banned group member using the API. | ||||
| CVE-2025-41698 | 1 Draeger | 1 Icmhelper | 2025-08-05 | 7.8 High |
| A low privileged local attacker can interact with the affected service although user-interaction should not be allowed. | ||||
| CVE-2025-8335 | 1 Code-projects | 1 Simple Car Rental System | 2025-08-05 | 4.3 Medium |
| A vulnerability classified as problematic has been found in code-projects Simple Car Rental System 1.0. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2023-7306 | 2 Najeebmedia, Wordpress | 2 Frontend File Manager Plugin, Wordpress | 2025-08-05 | 7.5 High |
| The Frontend File Manager Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the wpfm_delete_multiple_files() function in all versions up to, and including, 21.5. This makes it possible for unauthenticated attackers to delete arbitrary posts. | ||||
| CVE-2025-8434 | 2 Anisha, Code Projects | 2 Online Movie Streaming, Online Movie Streaming | 2025-08-05 | 7.3 High |
| A vulnerability was found in code-projects Online Movie Streaming 1.0. It has been classified as critical. Affected is an unknown function of the file /admin.php. The manipulation of the argument ID leads to missing authorization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-8435 | 2 Anisha, Code-projects | 2 Online Movie Streaming, Online Movie Streaming | 2025-08-05 | 7.3 High |
| A vulnerability was found in code-projects Online Movie Streaming 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin-control.php. The manipulation of the argument ID leads to missing authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-49723 | 1 Microsoft | 10 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 7 more | 2025-08-05 | 8.8 High |
| Missing authorization in Windows StateRepository API allows an authorized attacker to perform tampering locally. | ||||