Total
6218 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-13750 | 2 Mateuszgbiorczyk, Wordpress | 2 Converter For Media, Wordpress | 2025-12-18 | 4.3 Medium |
| The Converter for Media – Optimize images | Convert WebP & AVIF plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `/webp-converter/v1/regenerate-attachment` REST endpoint in all versions up to, and including, 6.3.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete optimized WebP/AVIF variants for arbitrary attachments. | ||||
| CVE-2025-14061 | 2 Wordpress, Wplegalpages | 2 Wordpress, Wp Cookie Consent | 2025-12-18 | 5.3 Medium |
| The Cookie Banner, Cookie Consent, Consent Log, Cookie Scanner, Script Blocker (for GDPR, CCPA & ePrivacy) : WP Cookie Consent plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the gdpr_delete_policy_data function in all versions up to, and including, 4.0.7. This makes it possible for unauthenticated attackers to permanently delete arbitrary posts, pages, attachments, and other post types by ID. | ||||
| CVE-2025-67573 | 1 Wordpress | 1 Wordpress | 2025-12-17 | 5.3 Medium |
| Missing Authorization vulnerability in ThimPress Sailing sailing allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sailing: from n/a through < 4.4.6. | ||||
| CVE-2025-64248 | 2 Emarketdesign, Wordpress | 2 Request A Quote, Wordpress | 2025-12-17 | 4.3 Medium |
| Missing Authorization vulnerability in emarket-design Request a Quote request-a-quote allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Request a Quote: from n/a through <= 2.5.3. | ||||
| CVE-2024-27950 | 1 Sirv | 1 Sirv | 2025-12-17 | 5.4 Medium |
| Missing Authorization vulnerability in sirv.Com Image Optimizer, Resizer and CDN – Sirv.This issue affects Image Optimizer, Resizer and CDN – Sirv: from n/a through 7.2.0. | ||||
| CVE-2025-67976 | 1 Wordpress | 1 Wordpress | 2025-12-17 | 6.5 Medium |
| Missing Authorization vulnerability in Bob Watu Quiz watu allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Watu Quiz: from n/a through <= 3.4.5. | ||||
| CVE-2023-53740 | 1 Dbbroadcast | 11 Sft Dab 015\/c, Sft Dab 015\/c Firmware, Sft Dab 050\/c and 8 more | 2025-12-17 | 9.8 Critical |
| Screen SFT DAB 1.9.3 contains an authentication bypass vulnerability that allows attackers to change the admin password without providing the current credentials. Attackers can exploit the userManager.cgx endpoint by sending a crafted JSON request with a new MD5-hashed password to directly modify the admin account. | ||||
| CVE-2025-67636 | 1 Jenkins | 1 Jenkins | 2025-12-17 | 4.3 Medium |
| A missing permission check in Jenkins 2.540 and earlier, LTS 2.528.2 and earlier allows attackers with View/Read permission to view encrypted password values in views. | ||||
| CVE-2025-64631 | 2 Wclovers, Wordpress | 2 Wcfm Marketplace, Wordpress | 2025-12-17 | 5 Medium |
| Missing Authorization vulnerability in WC Lovers WCFM Marketplace wc-multivendor-marketplace allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WCFM Marketplace: from n/a through <= 3.6.15. | ||||
| CVE-2025-64241 | 1 Wordpress | 1 Wordpress | 2025-12-17 | 4.3 Medium |
| Missing Authorization vulnerability in Imtiaz Rayhan WP Coupons and Deals wp-coupons-and-deals allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Coupons and Deals: from n/a through <= 3.2.4. | ||||
| CVE-2025-48614 | 1 Google | 1 Android | 2025-12-17 | 4.3 Medium |
| In rebootWipeUserData of RecoverySystem.java, there is a possible way to factory reset the device while in DSU mode due to a missing permission check. This could lead to physical denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-48604 | 1 Google | 1 Android | 2025-12-17 | 5.5 Medium |
| In multiple locations, there is a possible way to read files from another user due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-48599 | 1 Google | 1 Android | 2025-12-17 | 7.8 High |
| In multiple functions of WifiScanModeActivity.java, there is a possible way to bypass a device config restriction due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-48591 | 1 Google | 1 Android | 2025-12-17 | 5.5 Medium |
| In multiple locations, there is a possible way to read files from another user due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-48575 | 1 Google | 1 Android | 2025-12-17 | 7.8 High |
| In multiple functions of CertInstaller.java, there is a possible way to install certificates due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-32319 | 1 Google | 1 Android | 2025-12-17 | 6.7 Medium |
| In ensureBound of RemotePrintService.java, there is a possible way for a background app to keep foreground permissions due to a permissions bypass. This could lead to local escalation of privilege with user execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-68084 | 2 Nitesh Singh, Wordpress | 2 Ultimate Wordpress Auction Plugin, Wordpress | 2025-12-17 | 5.4 Medium |
| Missing Authorization vulnerability in Nitesh Ultimate Auction ultimate-auction allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Auction : from n/a through <= 4.3.2. | ||||
| CVE-2025-67929 | 2 Templateinvaders, Wordpress | 2 Ti Woocommerce Wishlist, Wordpress | 2025-12-17 | 5.3 Medium |
| Missing Authorization vulnerability in templateinvaders TI WooCommerce Wishlist ti-woocommerce-wishlist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TI WooCommerce Wishlist: from n/a through <= 2.10.0. | ||||
| CVE-2025-66133 | 2 Wordpress, Wp Legal Pages | 2 Wordpress, Wp Cookie Notice | 2025-12-17 | 5.3 Medium |
| Missing Authorization vulnerability in WP Legal Pages WP Cookie Notice for GDPR, CCPA & ePrivacy Consent gdpr-cookie-consent allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Cookie Notice for GDPR, CCPA & ePrivacy Consent: from n/a through <= 4.0.7. | ||||
| CVE-2025-64635 | 1 Wordpress | 1 Wordpress | 2025-12-17 | 5.4 Medium |
| Missing Authorization vulnerability in Syed Balkhi Feeds for YouTube feeds-for-youtube allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Feeds for YouTube: from n/a through <= 2.4.0. | ||||