Total: 33535 CVE

| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-31672 | 1 Vmware | 1 Vrealize Operations | 2025-08-27 | 6.4 Medium |
| VMware vRealize Operations contains a privilege escalation vulnerability. A malicious actor with administrative network access can escalate privileges to root. | ||||
| CVE-2022-20361 | 1 Google | 1 Android | 2025-08-27 | 6.5 Medium |
| In btif_dm_auth_cmpl_evt of btif_dm.cc, there is a possible vulnerability in Cross-Transport Key Derivation due to a weakness in the Bluetooth standard. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-12, Android-12L. Android ID: A-231161832 | ||||
| CVE-2025-7874 | 1 Metasoft | 1 Metacrm | 2025-08-27 | 5.3 Medium |
| A vulnerability was found in Metasoft 美特软件 MetaCRM up to 6.4.2. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /env.jsp. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-29152 | 1 Samsung | 32 Exynos 1080, Exynos 1080 Firmware, Exynos 1280 and 29 more | 2025-08-27 | 5.9 Medium |
| An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, Exynos 990, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 2400, Exynos Modem 5123, and Exynos Modem 5300. The baseband software does not properly check states specified by the RRC (Radio Resource Control) Reconfiguration message. This can lead to disclosure of sensitive information. | ||||
| CVE-2024-6107 | 1 Canonical | 2 Maas, Metal As A Service | 2025-08-27 | 9.6 Critical |
| Due to insufficient verification, an attacker could use a malicious client to bypass authentication checks and run RPC commands in a region. This has been addressed in MAAS and updated in the corresponding snaps. | ||||
| CVE-2024-8700 | 1 Total-soft | 1 Event Calendar | 2025-08-27 | 7.5 High |
| The Event Calendar WordPress plugin through 1.0.4 does not check for authorization on delete actions, allowing unauthenticated users to delete arbitrary calendars. | ||||
| CVE-2024-13925 | 1 Klarna | 1 Klarna Checkout For Woocommerce | 2025-08-27 | 7.5 High |
| The Klarna Checkout for WooCommerce WordPress plugin before 2.13.5 exposes an unauthenticated WooCommerce Ajax endpoint that allows an attacker to flood the log files with data at the maximum size allowed for a POST parameter per request. This can result in rapid consumption of disk space, potentially filling the entire disk. | ||||
| CVE-2024-5333 | 1 Stellarwp | 1 The Events Calendar | 2025-08-27 | 5.3 Medium |
| The Events Calendar WordPress plugin before 6.8.2.1 is missing access checks in the REST API, allowing for unauthenticated users to access information about password protected events. | ||||
| CVE-2024-6477 | 1 Ayecode | 1 Userswp | 2025-08-27 | 7.5 High |
| The UsersWP WordPress plugin before 1.2.12 uses predictable filenames when an admin generates an export, which could allow unauthenticated attackers to download them and retrieve sensitive information such as IP, username, and email address. | ||||
| CVE-2024-6420 | 1 Wpplugins | 1 Hide My Wp Ghost | 2025-08-27 | 8.6 High |
| The Hide My WP Ghost WordPress plugin before 5.2.02 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the hidden login page. | ||||
| CVE-2024-7786 | 1 Automattic | 1 Sensei Lms | 2025-08-27 | 7.5 High |
| The Sensei LMS WordPress plugin before 4.24.2 does not properly protect some of its REST API routes, allowing unauthenticated attackers to leak email templates. | ||||
| CVE-2024-4565 | 2 Advancedcustomfields, Wpengine | 3 Advanced Custom Fields, Advanced Custom Field Pro, Advanced Custom Fields | 2025-08-27 | 7.5 High |
| The Advanced Custom Fields (ACF) WordPress plugin before 6.3 and the Advanced Custom Fields Pro WordPress plugin before 6.3 allow you to display custom field values for any post via shortcode without checking for the correct access. | ||||
| CVE-2024-6846 | 2 Smartsearchwp, Webdigit | 2 Chatbot With Chatgpt Wordpress, Chatbot With Chatgpt | 2025-08-27 | 5.3 Medium |
| The Chatbot with ChatGPT WordPress plugin before 2.4.5 does not validate access on some REST routes, allowing an unauthenticated user to purge error and chat logs. | ||||
| CVE-2024-7714 | 1 Ays-pro | 2 Ai Chatbot With Chatgpt, Chatgpt Assistant | 2025-08-27 | 6.5 Medium |
| The AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0 lacks sufficient access controls, allowing an unauthenticated user to disconnect the plugin from OpenAI, thereby disabling it. Multiple actions are accessible: 'ays_chatgpt_disconnect', 'ays_chatgpt_connect', and 'ays_chatgpt_save_feedback'. | ||||
| CVE-2025-4094 | 1 Unitedover | 1 Digits | 2025-08-27 | 9.8 Critical |
| The DIGITS: WordPress Mobile Number Signup and Login WordPress plugin before 8.4.6.1 does not rate limit OTP validation attempts, making it straightforward for attackers to bruteforce them. | ||||
| CVE-2024-5973 | 1 Stylemixthemes | 1 Masterstudy Lms | 2025-08-27 | 8.8 High |
| The MasterStudy LMS WordPress Plugin WordPress plugin before 3.3.24 does not prevent students from creating instructor accounts, which could be used to get access to functionalities they shouldn't have. | ||||
| CVE-2024-11638 | 1 Gtbabel | 1 Gtbabel | 2025-08-27 | 8.8 High |
| The Gtbabel WordPress plugin before 6.6.9 does not ensure that the URL to perform code analysis upon belongs to the blog, which could allow unauthenticated attackers to retrieve the cookies of a logged-in user (such as an admin) by making them open a crafted URL, as the request made to analyse the URL contains such cookies. | ||||
| CVE-2024-12274 | 1 Codepeople | 1 Appointment Booking Calendar | 2025-08-27 | 7.5 High |
| The Appointment Booking Calendar Plugin and Scheduling Plugin WordPress plugin before 1.1.23 export settings functionality exports data to a public folder, with an easily guessable file name, allowing unauthenticated attackers to access the exported files (if they exist). | ||||
| CVE-2025-2563 | 1 Wpeverest | 1 User Registration & Membership | 2025-08-27 | 8.1 High |
| The User Registration & Membership WordPress plugin before 4.1.2 does not prevent users from setting their account role when the Membership Addon is enabled, leading to a privilege escalation issue and allowing unauthenticated users to gain admin privileges. | ||||
| CVE-2024-0032 | 1 Google | 1 Android | 2025-08-26 | 6.8 Medium |
| In multiple locations, there is a possible way to request access to directories that should be hidden due to improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. | ||||