Total: 904 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-4067 | 1 Scriptandtools | 1 Online Traveling System | 2026-06-17 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability classified as critical has been found in ScriptAndTools Online-Travling-System 1.0. Affected is an unknown function of the file /admin/viewpackage.php. The manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-4066 | 1 Scriptandtools | 1 Online Traveling System | 2026-06-17 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in ScriptAndTools Online-Travling-System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/addpackage.php. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-4065 | 1 Scriptandtools | 1 Online Traveling System | 2026-06-17 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in ScriptAndTools Online-Travling-System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/addadvertisement.php. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-4064 | 1 Scriptandtools | 1 Online Traveling System | 2026-06-17 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability was found in ScriptAndTools Online-Travling-System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/viewenquiry.php. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-4036 | 1 Xxyopen | 1 Novel | 2026-06-17 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in 201206030 Novel 3.5.0 and classified as critical. This issue affects the function updateBookChapter of the file src/main/java/io/github/xxyopen/novel/controller/author/AuthorController.java of the component Chapter Handler. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-4017 | 1 Xxyopen | 1 Novel-plus | 2026-06-17 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability classified as problematic was found in 20120630 Novel-Plus up to 0e156c04b4b7ce0563bef6c97af4476fcda8f160. This vulnerability affects the function list of the file nnovel-admin/src/main/java/com/java2nb/common/controller/LogController.java. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-4016 | 1 Xxyopen | 1 Novel-plus | 2026-06-17 | 5.5 MEDIUM | 5.4 MEDIUM |
| A vulnerability classified as critical has been found in 20120630 Novel-Plus up to 0e156c04b4b7ce0563bef6c97af4476fcda8f160. This affects the function deleteIndex of the file novel-admin/src/main/java/com/java2nb/common/controller/LogController.java. The manipulation leads to improper authorization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-49924 | | | 2026-06-17 | N/A | 7.2 HIGH |
| Incorrect Privilege Assignment vulnerability in Josh Kohlbach Wholesale Suite woocommerce-wholesale-prices allows Privilege Escalation. This issue affects Wholesale Suite: from n/a through <= 2.2.4.2. | |||||
| CVE-2025-49900 | | | 2026-06-17 | N/A | 8.8 HIGH |
| Incorrect Privilege Assignment vulnerability in bPlugins Advanced scrollbar advanced-scrollbar allows Privilege Escalation. This issue affects Advanced scrollbar: from n/a through <= 1.1.8. | |||||
| CVE-2025-49867 | 1 Inspirythemes | 1 Realhomes | 2026-06-17 | N/A | 9.8 CRITICAL |
| Incorrect Privilege Assignment vulnerability in InspiryThemes RealHomes realhomes allows Privilege Escalation. This issue affects RealHomes: from n/a through <= 4.4.0. | |||||
| CVE-2025-49580 | 1 Xwiki | 1 Xwiki | 2026-06-17 | N/A | 8.0 HIGH |
| XWiki is a generic wiki platform. From 8.2 and 7.4.5 until 17.1.0-rc-1, 16.10.4, and 16.4.7, pages can gain script or programming rights when they contain a link and the target of the link is renamed or moved. This might lead to execution of scripts contained in xobjects that should have never been executed. This vulnerability is fixed in 17.1.0-rc-1, 16.10.4, and 16.4.7. | |||||
| CVE-2025-49422 | | | 2026-06-17 | N/A | 9.8 CRITICAL |
| Incorrect Privilege Assignment vulnerability in themepassion Support Ticket support-ticket allows Privilege Escalation. This issue affects Support Ticket: from n/a through <= 1.9. | |||||
| CVE-2025-49401 | | | 2026-06-17 | N/A | 9.8 CRITICAL |
| Incorrect Privilege Assignment vulnerability in axiomthemes smart SEO smartSEO allows Privilege Escalation. This issue affects smart SEO: from n/a through <= 4.0. | |||||
| CVE-2025-49388 | | | 2026-06-17 | N/A | 9.8 CRITICAL |
| Incorrect Privilege Assignment vulnerability in kamleshyadav Miraculous Core Plugin miraculouscore allows Privilege Escalation. This issue affects Miraculous Core Plugin: from n/a through <= 2.0.7. | |||||
| CVE-2025-49379 | | | 2026-06-17 | N/A | 7.2 HIGH |
| Incorrect Privilege Assignment vulnerability in silverplugins217 Custom Fields Account Registration For Woocommerce custom-fields-account-registration-for-woocommerce allows Privilege Escalation. This issue affects Custom Fields Account Registration For Woocommerce: from n/a through <= 1.2. | |||||
| CVE-2025-48911 | 1 Huawei | 1 Harmonyos | 2026-06-17 | N/A | 8.2 HIGH |
| Vulnerability of improper permission assignment in the note sharing module. Impact: Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2025-48741 | | | 2026-06-17 | N/A | N/A |
| A Broken Access Control vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, and 5.4.0 before 5.4.10 allows remote, authenticated, and unprivileged users to retrieve alerts, cases, logs, observables, or tasks, regardless of the user's permissions, through a specific API endpoint. | |||||
| CVE-2025-48695 | | | 2026-06-17 | N/A | 6.4 MEDIUM |
| An issue was discovered in CyberDAVA before 1.1.20. A privilege escalation vulnerability allows a low-privileged user to escalate their privilege by abusing the following API due to the lack of access control: /api/v2/users/user/<user id>/role/ROLE/<Target role> (admin access can be achieved). | |||||
| CVE-2025-48528 | 1 Google | 1 Android | 2026-06-17 | N/A | 4.0 MEDIUM |
| In multiple locations, there is a possible way to overlay biometrics due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-48526 | 1 Google | 1 Android | 2026-06-17 | N/A | 4.0 MEDIUM |
| In createMultiProfilePagerAdapter of ChooserActivity.java, there is a possible way for an app to launch the ChooserActivity in another profile due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
