Total
844 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-20101 | 1 Projectsend | 1 Projectsend | 2025-04-15 | 3.5 Low |
| A vulnerability, which was classified as problematic, was found in ProjectSend r754. This affects an unknown part of the file process.php?do=zip_download. The manipulation of the argument client/file leads to information disclosure. It is possible to initiate the attack remotely. | ||||
| CVE-2022-3876 | 1 Clickstudios | 1 Passwordstate | 2025-04-15 | 4.3 Medium |
| A vulnerability, which was classified as problematic, has been found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome. This issue affects some unknown processing of the file /api/browserextension/UpdatePassword/ of the component API. The manipulation of the argument PasswordID leads to authorization bypass. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The identifier VDB-216245 was assigned to this vulnerability. | ||||
| CVE-2022-4097 | 1 Updraftplus | 1 All-in-one Security | 2025-04-14 | 5.3 Medium |
| The All-In-One Security (AIOS) WordPress plugin before 5.0.8 is susceptible to IP Spoofing attacks, which can lead to bypassed security features (like IP blocks, rate limiting, brute force protection, and more). | ||||
| CVE-2024-12335 | 1 Theme-fusion | 1 Avada Builder | 2025-04-14 | 4.3 Medium |
| The Avada (Fusion) Builder plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.11.12 via the handle_clone_post() function and the 'fusion_blog' shortcode and due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with contributor-level access and above, to extract data from password protected, private, or draft posts that they should not have access to. | ||||
| CVE-2022-4505 | 1 Open-emr | 1 Openemr | 2025-04-14 | 8.8 High |
| Authorization Bypass Through User-Controlled Key in GitHub repository openemr/openemr prior to 7.0.0.2. | ||||
| CVE-2022-46179 | 1 Liuos Project | 1 Liuos | 2025-04-14 | 9.2 Critical |
| LiuOS is a small Python project meant to imitate the functions of a regular operating system. Version 0.1.0 and prior of LiuOS allow an attacker to set the GITHUB_ACTIONS environment variable to anything other than null or true and skip authentication checks. This issue is patched in the latest commit (c658b4f3e57258acf5f6207a90c2f2169698ae22) by requiring the var to be set to true, causing a test script to run instead of being able to login. A potential workaround is to check for the GITHUB_ACTIONS environment variable and set it to "" (no quotes) to null the variable and force credential checks. | ||||
| CVE-2023-36238 | 1 Webkul | 1 Bagisto | 2025-04-14 | 6.5 Medium |
| Insecure Direct Object Reference (IDOR) in Bagisto v.1.5.1 allows an attacker to obtain sensitive information via the invoice ID parameter. | ||||
| CVE-2024-47316 | 1 Salonbookingsystem | 1 Salon Booking System | 2025-04-11 | 4.3 Medium |
| Authorization Bypass Through User-Controlled Key vulnerability in Salon Booking System Salon booking system.This issue affects Salon booking system: from n/a through 10.9. | ||||
| CVE-2024-10670 | 1 Nicheaddons | 1 Primary Addon For Elementor | 2025-04-11 | 4.3 Medium |
| The Primary Addon for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.6.2 via the [prim_elementor_template] shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created with Elementor that they should not have access to. | ||||
| CVE-2022-4806 | 1 Usememos | 1 Memos | 2025-04-10 | 5.3 Medium |
| Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1. | ||||
| CVE-2022-4798 | 1 Usememos | 1 Memos | 2025-04-10 | 5.3 Medium |
| Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1. | ||||
| CVE-2022-4799 | 1 Usememos | 1 Memos | 2025-04-10 | 6.5 Medium |
| Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1. | ||||
| CVE-2022-4802 | 1 Usememos | 1 Memos | 2025-04-10 | 5.4 Medium |
| Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1. | ||||
| CVE-2022-4803 | 1 Usememos | 1 Memos | 2025-04-10 | 8.8 High |
| Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1. | ||||
| CVE-2022-4811 | 1 Usememos | 1 Memos | 2025-04-10 | 8.3 High |
| Authorization Bypass Through User-Controlled Key vulnerability in usememos usememos/memos.This issue affects usememos/memos before 0.9.1. | ||||
| CVE-2022-4812 | 1 Usememos | 1 Memos | 2025-04-10 | 6.5 Medium |
| Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1. | ||||
| CVE-2022-4686 | 1 Usememos | 1 Memos | 2025-04-09 | 9.8 Critical |
| Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.0. | ||||
| CVE-2025-32373 | 2025-04-09 | 6.5 Medium | ||
| DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. In limited configurations, registered users may be able to craft a request to enumerate/access some portal files they should not have access to. This vulnerability is fixed in 9.13.8. | ||||
| CVE-2025-28874 | 1 Shanebp | 1 Bp Email Assign Templates | 2025-04-09 | 6.5 Medium |
| Authorization Bypass Through User-Controlled Key vulnerability in shanebp BP Email Assign Templates allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects BP Email Assign Templates: from n/a through 1.6. | ||||
| CVE-2025-2526 | 2025-04-08 | 8.8 High | ||
| The Streamit theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.0.2. This is due to the plugin not properly validating a user's identity prior to updating their details like email in the 'st_Authentication_Controller::edit_profile' function. This makes it possible for unauthenticated attackers to change arbitrary user's email addresses, including administrators, and leverage that to reset the user's password and gain access to their account. | ||||