Total
4980 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-50944 | 1 Apache | 1 Airflow | 2025-06-11 | N/A | 6.5 MEDIUM |
| Apache Airflow, versions before 2.8.1, have a vulnerability that allows an authenticated user to access the source code of a DAG to which they don't have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to upgrade to version 2.8.1, which fixes this issue. | |||||
| CVE-2024-3932 | 2025-06-11 | 2.6 LOW | 3.1 LOW | ||
| A vulnerability classified as problematic has been found in Totara LMS up to 18.7. This affects an unknown part of the component User Selector. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 13.46, 14.38, 15.33, 16.27, 17.21 and 18.8 is able to address this issue. It is recommended to upgrade the affected component. | |||||
| CVE-2025-5766 | 1 Code-projects | 1 Simple Laundry System | 2025-06-10 | 5.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability was found in code-projects Laundry System 1.0. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-48009 | 1 Single Content Sync Project | 1 Single Content Sync | 2025-06-10 | N/A | 3.1 LOW |
| Missing Authorization vulnerability in Drupal Single Content Sync allows Functionality Misuse.This issue affects Single Content Sync: from 0.0.0 before 1.4.12. | |||||
| CVE-2025-47709 | 1 Miniorange | 1 Miniorange 2fa | 2025-06-10 | N/A | 6.5 MEDIUM |
| Missing Authorization vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Forceful Browsing.This issue affects Enterprise MFA - TFA for Drupal: from 0.0.0 before 4.7.0, from 5.0.0 before 5.2.0. | |||||
| CVE-2025-5732 | 1 Carmelogarcia | 1 Traffic Offense Reporting System | 2025-06-10 | 5.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability, which was classified as problematic, was found in code-projects Traffic Offense Reporting System 1.0. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2023-2299 | 1 Vcita | 1 Online Booking \& Scheduling Calendar | 2025-06-10 | N/A | 5.3 MEDIUM |
| The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized medication of data via the /wp-json/vcita-wordpress/v1/actions/auth REST-API endpoint in versions up to, and including, 4.2.10 due to a missing capability check on the processAction function. This makes it possible for unauthenticated attackers modify the plugin's settings. | |||||
| CVE-2023-2415 | 1 Vcita | 1 Online Booking \& Scheduling Calendar | 2025-06-10 | N/A | 5.4 MEDIUM |
| The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcita_logout_callback function in versions up to, and including, 4.2.10. This makes it possible for authenticated attackers with minimal permissions, such as a subscriber, to logout a vctia connected account which would cause a denial of service on the appointment scheduler. | |||||
| CVE-2024-12812 | 1 Wedevs | 1 Wp Erp | 2025-06-10 | N/A | 7.5 HIGH |
| The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting WordPress plugin before 1.13.4 has an issue where employees can manipulate parameters to access the data of terminated employees. | |||||
| CVE-2024-32948 | 1 Reputeinfosystems | 1 Armember | 2025-06-09 | N/A | 9.1 CRITICAL |
| Missing Authorization vulnerability in Repute Infosystems ARMember.This issue affects ARMember: from n/a through 4.0.28. | |||||
| CVE-2024-32776 | 1 Apppresser | 1 Apppresser | 2025-06-09 | N/A | 6.5 MEDIUM |
| Missing Authorization vulnerability in AppPresser Team AppPresser.This issue affects AppPresser: from n/a through 4.3.0. | |||||
| CVE-2024-34372 | 1 Addonmaster | 1 Post Grid Master | 2025-06-09 | N/A | 5.3 MEDIUM |
| Missing Authorization vulnerability in AddonMaster Post Grid Master.This issue affects Post Grid Master: from n/a through 3.4.7. | |||||
| CVE-2023-48740 | 1 Easysocialfeed | 1 Easy Social Feed | 2025-06-09 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in Easy Social Feed Easy Social Feed allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Social Feed: from n/a through 6.5.1. | |||||
| CVE-2023-47841 | 1 Analytify | 1 Analytify - Google Analytics Dashboard | 2025-06-09 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in Analytify Analytify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Analytify: from n/a through 5.1.1. | |||||
| CVE-2023-47832 | 1 Searchiq | 1 Searchiq | 2025-06-09 | N/A | 5.3 MEDIUM |
| Missing Authorization vulnerability in searchiq SearchIQ allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SearchIQ: from n/a through 4.4. | |||||
| CVE-2023-47770 | 1 Muffingroup | 1 Betheme | 2025-06-09 | N/A | 7.6 HIGH |
| Missing Authorization vulnerability in Muffin Group Betheme.This issue affects Betheme: from n/a through 27.1.1. | |||||
| CVE-2023-41953 | 1 Properfraction | 1 Profilepress | 2025-06-09 | N/A | 5.3 MEDIUM |
| Missing Authorization vulnerability in ProfilePress Membership Team ProfilePress.This issue affects ProfilePress: from n/a through 4.13.1. | |||||
| CVE-2023-50882 | 1 Properfraction | 1 Profilepress | 2025-06-09 | N/A | 5.3 MEDIUM |
| Missing Authorization vulnerability in ProfilePress Membership Team ProfilePress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ProfilePress: from n/a through 4.13.2. | |||||
| CVE-2023-49835 | 1 Metaphorcreations | 1 Post Duplicator | 2025-06-09 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in Metaphor Creations Post Duplicator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Duplicator: from n/a through 2.31. | |||||
| CVE-2023-48774 | 1 Northernbeacheswebsites | 1 Ideapush | 2025-06-09 | N/A | 5.4 MEDIUM |
| Missing Authorization vulnerability in Martin Gibson IdeaPush allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects IdeaPush: from n/a through n/a. | |||||