Total
4754 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-41231 | 2025-05-21 | N/A | 7.3 HIGH | ||
| VMware Cloud Foundation contains a missing authorisation vulnerability. A malicious actor with access to VMware Cloud Foundation appliance may be able to perform certain unauthorised actions and access limited sensitive information. | |||||
| CVE-2025-26920 | 2025-05-21 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in PressMaximum Customify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Customify: from n/a through 0.4.8. | |||||
| CVE-2025-39460 | 2025-05-21 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in ThimPress Eduma allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Eduma: from n/a through 5.6.4. | |||||
| CVE-2025-26867 | 2025-05-21 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in Themes4WP Bulk allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Bulk: from n/a through 1.0.11. | |||||
| CVE-2025-39353 | 2025-05-21 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in ThemeGoods Grand Restaurant WordPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Grand Restaurant WordPress: from n/a through 7.0. | |||||
| CVE-2025-39451 | 2025-05-21 | N/A | 7.5 HIGH | ||
| Missing Authorization vulnerability in Crocoblock JetBlocks For Elementor allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JetBlocks For Elementor: from n/a through 1.3.16. | |||||
| CVE-2025-39352 | 2025-05-21 | N/A | 8.2 HIGH | ||
| Missing Authorization vulnerability in ThemeGoods Grand Restaurant WordPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Grand Restaurant WordPress: from n/a through 7.0. | |||||
| CVE-2025-39447 | 2025-05-21 | N/A | 7.5 HIGH | ||
| Missing Authorization vulnerability in Crocoblock JetElements For Elementor allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JetElements For Elementor: from n/a through 2.7.4.1. | |||||
| CVE-2025-39373 | 2025-05-21 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in jegtheme JNews.This issue affects JNews: from n/a through 11.6.5. | |||||
| CVE-2025-43838 | 2025-05-21 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in ChoPlugins Custom PC Builder Lite for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Custom PC Builder Lite for WooCommerce: from n/a through 1.0.1. | |||||
| CVE-2025-39350 | 2025-05-21 | N/A | 8.2 HIGH | ||
| Missing Authorization vulnerability in Rocket Apps wProject.This issue affects wProject: from n/a before 5.8.0. | |||||
| CVE-2025-39449 | 2025-05-21 | N/A | 7.5 HIGH | ||
| Missing Authorization vulnerability in Crocoblock JetWooBuilder allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JetWooBuilder: from n/a through 2.1.18. | |||||
| CVE-2025-39398 | 2025-05-21 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in Themovation Hotel + Bed and Breakfast Booking Calendar Theme | Bellevue.This issue affects Hotel + Bed and Breakfast Booking Calendar Theme | Bellevue: from n/a through 4.2.2. | |||||
| CVE-2025-39454 | 2025-05-21 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in Jeroen Peters Name Directory.This issue affects Name Directory: from n/a through 1.30.0. | |||||
| CVE-2025-22287 | 2025-05-21 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in Eniture Technology LTL Freight Quotes – FreightQuote Edition allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LTL Freight Quotes – FreightQuote Edition: from n/a through 2.3.11. | |||||
| CVE-2025-39376 | 2025-05-21 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in QuanticaLabs Car Park Booking System for WordPress.This issue affects Car Park Booking System for WordPress: from n/a through 2.6. | |||||
| CVE-2025-39388 | 2025-05-21 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in Solid Plugins AnalyticsWP allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects AnalyticsWP: from n/a through 2.0.0. | |||||
| CVE-2025-48009 | 2025-05-21 | N/A | 3.1 LOW | ||
| Missing Authorization vulnerability in Drupal Single Content Sync allows Functionality Misuse.This issue affects Single Content Sync: from 0.0.0 before 1.4.12. | |||||
| CVE-2025-5033 | 2025-05-21 | 5.0 MEDIUM | 4.3 MEDIUM | ||
| A vulnerability classified as problematic was found in XiaoBingby TeaCMS 2.0.2. Affected by this vulnerability is an unknown functionality of the file src/main/java/me/teacms/controller/admin/UserManageController/addUser. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-4105 | 2025-05-21 | N/A | 5.4 MEDIUM | ||
| The Splitit plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on several functions in the 'splitIt-flexfields-payment-gateway.php' file in all versions up to, and including, 4.2.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change plugin settings, including changing the environment from sandbox to production and vice versa. | |||||