CVE-2025-47564
Missing Authorization vulnerability in ashanjay EventON eventon allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects EventON: from n/a through = 4.9.8...
CVE-2025-47563 WordPress CURCY plugin <= 2.3.7 - Arbitrary Shortcode Execution vulnerability
Missing Authorization vulnerability in villatheme CURCY woocommerce-multi-currency allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects CURCY: from n/a through = 2.3.7...
CVE-2025-47564 WordPress EventON plugin <= 4.9.9 - Broken Access Control vulnerability
Missing Authorization vulnerability in ashanjay EventON allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects EventON: from n/a through 4.9.9...
CVE-2025-2306
An Improper Access Control vulnerability was identified in the file download functionality. This vulnerability allows users to download sensitive documents without authentication, if the URL is known. The attack requires the attacker to know the document's UUIDv4...
CVE-2025-2306
CVE-2025-2306 concerns an Improper Access Control in LIVE CONTRACT’s file download feature. The vulnerability allows an unauthenticated attacker who knows a document UUIDv4 to download sensitive documents, with the attack vector described as network and requiring no privileges or user interaction...
CVE-2025-2305
CVE-2025-2305 is a local file inclusion/path-traversal vulnerability affecting LIVE CONTRACT. The file download function allows unauthenticated users to download arbitrary files from the Linux server. Documented details indicate no exploitation status and no confirmed fix across the sources; PT ...
CVE-2025-0020
Violation of Secure Design Principles, Hidden Functionality, Incorrect Provision of Specified Functionality vulnerability in ArcGIS Authentication allows Privilege Abuse, Manipulating Hidden Fields, Configuration/Environment Manipulation. The ArcGIS client_credentials OAuth 2.0 API implementation...
PT-2025-21380 · WordPress · Wp-Reply Notify
Name of the Vulnerable Software and Affected Versions: WP-Reply Notify WordPress plugin versions 1.1 and earlier Description: The issue is related to the lack of a CSRF check when updating settings, which could allow attackers to make a logged-in admin change them via a CSRF attack...
PT-2025-21281 · Unknown · Phpgurukul Vehicle Record Management System
Name of the Vulnerable Software and Affected Versions: Phpgurukul Vehicle Record Management System version 1.0 Description: The issue allows attackers to execute arbitrary code via Cross-Site Scripting (XSS) in the vehiclename, modelnumber, regnumber, vehiclesubtype, chasisnum, and enginenumber...
PT-2025-21570 · Dumb Drop · Dumb Drop
Name of the Vulnerable Software and Affected Versions: DumbDrop versions prior to commit db27b25372eb9071e63583d8faed2111a2b79f1b Description: The issue is related to a DOM cross-site scripting vulnerability in the upload functionality. A user could be tricked into uploading a file with a malicio...
PT-2025-21327 · Ibm · Ibm Security Guardium
Name of the Vulnerable Software and Affected Versions: IBM Security Guardium version 11.5 Description: The issue allows a privileged user to embed arbitrary JavaScript code in the Web UI, potentially altering the intended functionality and leading to credentials disclosure within a trusted sessio...
CVE-2025-0020
Rejected reason: “This CVE ID is Rejected and will not be used. As the CNA of record ESRI has rejected this CVE as it is not a vulnerability”...
CVE-2025-0020
CVE-2025-0020 is marked as rejected in the initial entry, but connected documents describe a vulnerability in ArcGIS’s client_credentials OAuth 2.0 API implementation: it allows undocumented, custom token expiration, enabling privilege abuse and manipulation of hidden fields/configuration. Affect...
PT-2025-21233 · Samsung · Samsung Modem +1
Name of the Vulnerable Software and Affected Versions: Samsung Mobile Processor and Wearable Processor Exynos versions 980 through 9825; Samsung Mobile Processor and Wearable Processor Exynos versions 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110; Samsung Mobile Processor and...
Improper Access Control
com.baidu.mapp:brcc-core is vulnerable to Improper Access Control. The vulnerability is due to insufficient authorization checks: the /admin/ API accepts crafted requests that grant unauthorized access to admin functionality...
TeleMessage TM SGNL Hidden Functionality Vulnerability
TeleMessage TM SGNL contains a hidden functionality vulnerability in which the archiving backend holds cleartext copies of messages from TM SGNL application users...
CVE-2025-4547
A vulnerability was found in SourceCodester Web-based Pharmacy Product Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Add User Page. The manipulation leads to cross-site scripting. The attack may be launched remotely...
CVE-2024-25652
In Delinea PAM Secret Server 11.4, it is possible for a user assigned the "Administer Reports" permission, and/or with access to the Report functionality via UNLIMITED ADMIN MODE, to gain unauthorized access to remote sessions created by legitimate users through...
CVE-2025-4488
A vulnerability was found in itsourcecode Gym Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=deletepackage. The manipulation of the argument ID leads to SQL injection. The attack can be launched...