Total
5144 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-47358 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-26 | 5.5 Medium |
| In log service, there is a missing permission check. This could lead to local denial of service in log service. | ||||
| CVE-2022-47357 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-26 | 5.5 Medium |
| In log service, there is a missing permission check. This could lead to local denial of service in log service. | ||||
| CVE-2022-47341 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-26 | 6.7 Medium |
| In engineermode services, there is a missing permission check. This could lead to local escalation of privilege with system execution privileges needed. | ||||
| CVE-2022-47339 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-26 | 6.7 Medium |
| In cmd services, there is a OS command injection issue due to missing permission check. This could lead to local escalation of privilege with system execution privileges needed. | ||||
| CVE-2022-47329 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-26 | 6.4 Medium |
| In wlan driver, there is a possible missing permission check. This could lead to local information disclosure. | ||||
| CVE-2022-47328 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-26 | 6.4 Medium |
| In wlan driver, there is a possible missing permission check. This could lead to local information disclosure. | ||||
| CVE-2022-47326 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-26 | 6.4 Medium |
| In wlan driver, there is a possible missing permission check. This could lead to local information disclosure. | ||||
| CVE-2022-48166 | 1 Wavlink | 2 Wl-wn530hg4, Wl-wn530hg4 Firmware | 2025-03-25 | 7.5 High |
| An access control issue in Wavlink WL-WN530HG4 M30HG4.V5030.201217 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials. | ||||
| CVE-2025-2025 | 1 Givewp | 1 Givewp | 2025-03-25 | 6.5 Medium |
| The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the give_reports_earnings() function in all versions up to, and including, 3.22.0. This makes it possible for unauthenticated attackers to disclose sensitive information included within earnings reports. | ||||
| CVE-2022-47327 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-25 | 5.5 Medium |
| In wlan driver, there is a possible missing permission check. This could lead to local information disclosure. | ||||
| CVE-2022-21953 | 1 Suse | 1 Rancher | 2025-03-25 | 7.4 High |
| A Missing Authorization vulnerability in of SUSE Rancher allows authenticated user to create an unauthorized shell pod and kubectl access in the local cluster This issue affects: SUSE Rancher Rancher versions prior to 2.5.17; Rancher versions prior to 2.6.10; Rancher versions prior to 2.7.1. | ||||
| CVE-2024-43045 | 1 Jenkins | 1 Jenkins | 2025-03-25 | 6.3 Medium |
| Jenkins 2.470 and earlier, LTS 2.452.3 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to access other users' "My Views". | ||||
| CVE-2024-30469 | 1 Wpexperts | 1 Wholesale For Woocommerce | 2025-03-25 | 5.3 Medium |
| Missing Authorization vulnerability in WPExperts Wholesale For WooCommerce.This issue affects Wholesale For WooCommerce: from n/a through 2.3.0. | ||||
| CVE-2025-30107 | 2025-03-24 | 7.5 High | ||
| On IROAD V9 devices, Managing Settings and Obtaining Sensitive Data and Sabotaging the Car Battery can be performed by unauthorized parties. A vulnerability in the dashcam's configuration management allows unauthorized users to modify settings, disable critical functions, and turn off battery protection, potentially causing physical damage to the vehicle. | ||||
| CVE-2022-48302 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-24 | 7.5 High |
| The AMS module has a vulnerability of lacking permission verification in APIs.Successful exploitation of this vulnerability may affect data confidentiality. | ||||
| CVE-2023-21450 | 1 Samsung | 1 One Hand Operation \+ | 2025-03-24 | 2.3 Low |
| Missing Authorization vulnerability in One Hand Operation + prior to version 6.1.21 allows multi-users to access owner's widget without authorization via gesture setting. | ||||
| CVE-2025-1504 | 1 Andypalmer | 1 Post Lockdown | 2025-03-24 | 4.3 Medium |
| The Post Lockdown plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 4.0.2 via the 'pl_autocomplete' AJAX action due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Subscriber-level access and above, to extract data from password protected, private, or draft posts that they should not have access to. | ||||
| CVE-2025-1325 | 1 Plechevandrey | 1 Wp-recall | 2025-03-24 | 6.3 Medium |
| The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to arbitrary shortcode execution due to a missing capability check on the 'rcl_preview_post' AJAX endpoint in all versions up to, and including, 16.26.10. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes. | ||||
| CVE-2024-31297 | 1 Wpexperts | 1 Wholesale For Woocommerce | 2025-03-24 | 7.5 High |
| Missing Authorization vulnerability in WPExperts Wholesale For WooCommerce.This issue affects Wholesale For WooCommerce: from n/a through 2.3.0. | ||||
| CVE-2024-38707 | 1 Wpdeveloper | 1 Embedpress | 2025-03-24 | 6.3 Medium |
| Missing Authorization vulnerability in WPDeveloper EmbedPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EmbedPress: from n/a through 4.0.4. | ||||