Total
5095 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-4245 | 1 Gimp | 1 Gimp | 2025-04-11 | N/A |
| The scriptfu network server in GIMP 2.6 does not require authentication, which allows remote attackers to execute arbitrary commands via the python-fu-eval command. | ||||
| CVE-2024-7031 | 1 Ninjateam | 1 Filester | 2025-04-10 | 7.5 High |
| The File Manager Pro – Filester plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'njt_fs_saveSettingRestrictions' function in all versions up to, and including, 1.8.2. This makes it possible for authenticated attackers, with a role that has been granted permissions by an Administrator, to update the plugin settings for user role restrictions, including allowing file types such as .php to be uploaded. | ||||
| CVE-2025-26378 | 1 Q-free | 1 Maxtime | 2025-04-10 | 8.8 High |
| A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to reset passwords, including the ones of administrator accounts, via crafted HTTP requests. | ||||
| CVE-2025-26367 | 1 Q-free | 1 Maxtime | 2025-04-10 | 4.3 Medium |
| A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to create arbitrary user groups via crafted HTTP requests. | ||||
| CVE-2025-26371 | 1 Q-free | 1 Maxtime | 2025-04-10 | 8.8 High |
| A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to add users to groups via crafted HTTP requests. | ||||
| CVE-2025-26376 | 1 Q-free | 1 Maxtime | 2025-04-10 | 6.5 Medium |
| A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to modify user data via crafted HTTP requests. | ||||
| CVE-2024-33914 | 1 Exclusiveaddons | 1 Exclusive Addons For Elementor | 2025-04-10 | 4.3 Medium |
| Missing Authorization vulnerability in Exclusive Addons Exclusive Addons Elementor.This issue affects Exclusive Addons Elementor: from n/a through 2.6.9.1. | ||||
| CVE-2022-44437 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-04-10 | 5.5 Medium |
| In messaging service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed. | ||||
| CVE-2022-3911 | 1 Iubenda | 1 Iubenda-cookie-law-solution | 2025-04-10 | 8.8 High |
| The iubenda WordPress plugin before 3.3.3 does does not have authorisation and CSRF in an AJAX action, and does not ensure that the options to be updated belong to the plugin as long as they are arrays. As a result, any authenticated users, such as subscriber can grant themselves any privileges, such as edit_plugins etc | ||||
| CVE-2025-26368 | 1 Q-free | 1 Maxtime | 2025-04-10 | 8.1 High |
| A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to remove user groups via crafted HTTP requests. | ||||
| CVE-2025-26375 | 1 Q-free | 1 Maxtime | 2025-04-10 | 8.8 High |
| A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to create users with arbitrary privileges via crafted HTTP requests. | ||||
| CVE-2023-41243 | 1 Wpvivid | 1 Migration\, Backup\, Staging | 2025-04-10 | 8.8 High |
| Improper Privilege Management vulnerability in WPvivid Team WPvivid Backup and Migration allows Privilege Escalation.This issue affects WPvivid Backup and Migration: from n/a through 0.9.90. | ||||
| CVE-2023-33923 | 2025-04-10 | 4.3 Medium | ||
| Missing Authorization vulnerability in HashThemes Viral News, HashThemes Viral, HashThemes HashOne.This issue affects Viral News: from n/a through 1.4.5; Viral: from n/a through 1.8.0; HashOne: from n/a through 1.3.0. | ||||
| CVE-2025-26871 | 1 Wpdeveloper | 1 Essential Blocks | 2025-04-10 | 4.3 Medium |
| Missing Authorization vulnerability in WPDeveloper Essential Blocks for Gutenberg allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Essential Blocks for Gutenberg: from n/a through 4.8.3. | ||||
| CVE-2025-21498 | 1 Oracle | 1 Http Server | 2025-04-10 | 5.3 Medium |
| Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Core). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle HTTP Server accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). | ||||
| CVE-2022-39084 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-04-10 | 6.7 Medium |
| In network service, there is a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. | ||||
| CVE-2022-39083 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-04-10 | 6.7 Medium |
| In network service, there is a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. | ||||
| CVE-2022-39082 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-04-10 | 6.7 Medium |
| In network service, there is a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. | ||||
| CVE-2022-39081 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-04-10 | 6.7 Medium |
| In network service, there is a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. | ||||
| CVE-2022-38684 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-04-10 | 5.5 Medium |
| In contacts service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed. | ||||