Total
7130 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-6664 | 1 Codeastro | 1 Patient Record Management System | 2025-06-27 | 5.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability, which was classified as problematic, was found in CodeAstro Patient Record Management System 1.0. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-6476 | 1 Oretnom23 | 1 Gym Management System | 2025-06-27 | 5.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability was found in SourceCodester Gym Management System 1.0. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-6478 | 1 Codeastro | 1 Expense Management System | 2025-06-27 | 5.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability was found in CodeAstro Expense Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. The attack may be launched remotely. | |||||
| CVE-2024-50628 | 1 Digi | 7 Connectport Lts 16, Connectport Lts 16 Mei, Connectport Lts 16 Mei 2ac and 4 more | 2025-06-27 | N/A | 8.8 HIGH |
| An issue was discovered in the web services of Digi ConnectPort LTS before 1.4.12. It allows an attacker on the local area network to achieve unauthorized manipulation of resources, which may lead to remote code execution when combined with other issues. | |||||
| CVE-2025-27583 | 1 Serosoft | 1 Academia Student Information System | 2025-06-27 | N/A | 9.1 CRITICAL |
| Incorrect access control in the component /rest/staffResource/findAllUsersAcrossOrg of Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows create and modify user accounts, including an Administrator account. | |||||
| CVE-2025-6284 | 1 Phpgurukul | 1 Car Rental Portal | 2025-06-26 | 5.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability was found in PHPGurukul Car Rental Portal 3.0. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-5812 | 2025-06-26 | N/A | 4.3 MEDIUM | ||
| The VG WORT METIS plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the gutenberg_save_post() function in all versions up to, and including, 2.0.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update limited post settings. | |||||
| CVE-2025-6341 | 1 Fabian | 1 School Fees Payment System | 2025-06-26 | 5.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability classified as problematic was found in code-projects School Fees Payment System 1.0. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-52878 | 1 Jetbrains | 1 Teamcity | 2025-06-25 | N/A | 4.3 MEDIUM |
| In JetBrains TeamCity before 2025.03.3 usernames were exposed to the users without proper permissions | |||||
| CVE-2025-3687 | 1 Misstt123 | 1 Oasys | 2025-06-25 | 5.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability, which was classified as problematic, has been found in misstt123 oasys 1.0. Affected by this issue is some unknown functionality of the component Sticky Notes Handler. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. | |||||
| CVE-2025-32045 | 1 Moodle | 1 Moodle | 2025-06-24 | N/A | 5.3 MEDIUM |
| A flaw has been identified in Moodle where insufficient capability checks in certain grade reports allowed users without the necessary permissions to access hidden grades. | |||||
| CVE-2024-37903 | 1 Joinmastodon | 1 Mastodon | 2025-06-24 | N/A | 8.2 HIGH |
| Mastodon is a self-hosted, federated microblogging platform. Starting in version 2.6.0 and prior to versions 4.1.18 and 4.2.10, by crafting specific activities, an attacker can extend the audience of a post they do not own to other Mastodon users on a target server, thus gaining access to the contents of a post not intended for them. Versions 4.1.18 and 4.2.10 contain a patch for this issue. | |||||
| CVE-2025-49991 | 2025-06-23 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in tggfref WP-Recall allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WP-Recall: from n/a through 16.26.14. | |||||
| CVE-2024-53591 | 1 Seclore | 1 Seclore | 2025-06-23 | N/A | 9.8 CRITICAL |
| An issue in the login page of Seclore v3.27.5.0 allows attackers to bypass authentication via a brute force attack. | |||||
| CVE-2024-0236 | 1 Myeventon | 1 Eventon | 2025-06-20 | N/A | 5.3 MEDIUM |
| The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not have authorisation in an AJAX action, allowing unauthenticated users to retrieve the settings of arbitrary virtual events, including any meeting password set (for example for Zoom) | |||||
| CVE-2024-0235 | 1 Myeventon | 1 Eventon | 2025-06-20 | N/A | 5.3 MEDIUM |
| The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not have authorisation in an AJAX action, allowing unauthenticated users to retrieve email addresses of any users on the blog | |||||
| CVE-2023-48339 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-06-20 | N/A | 4.4 MEDIUM |
| In jpg driver, there is a possible missing permission check. This could lead to local information disclosure with System execution privileges needed | |||||
| CVE-2023-6554 | 1 Tecnick | 1 Tcexam | 2025-06-20 | N/A | 6.5 MEDIUM |
| When access to the "admin" folder is not protected by some external authorization mechanisms e.g. Apache Basic Auth, it is possible for any user to download protected information like exam answers. | |||||
| CVE-2023-5905 | 1 Demomentsomtres | 1 Export Posts With Images | 2025-06-20 | N/A | 8.1 HIGH |
| The DeMomentSomTres WordPress Export Posts With Images WordPress plugin through 20220825 does not check authorization of requests to export the blog data, allowing any logged in user, such as subscribers to export the contents of the blog, including restricted and unpublished posts, as well as passwords of protected posts. | |||||
| CVE-2023-40362 | 1 Centralsquare | 1 Click2gov Building Permit | 2025-06-20 | N/A | 4.3 MEDIUM |
| An issue was discovered in CentralSquare Click2Gov Building Permit before October 2023. Lack of access control protections allows remote attackers to arbitrarily delete the contractors from any user's account when the user ID and contractor information is known. | |||||