Total
7469 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-15563 | 1 Nestersoft | 1 Worktime | 2026-02-26 | N/A | 5.3 MEDIUM |
| Any unauthenticated user can reset the WorkTime on-prem database configuration by sending a specific HTTP request to the WorkTime server. No authorization check is applied here. | |||||
| CVE-2025-67973 | 2026-02-25 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sunshine Photo Cart: from n/a through <= 3.5.6.2. | |||||
| CVE-2025-67969 | 2026-02-25 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in knitpay UPI QR Code Payment Gateway for WooCommerce upi-qr-code-payment-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UPI QR Code Payment Gateway for WooCommerce: from n/a through <= 1.5.1. | |||||
| CVE-2025-67547 | 2026-02-25 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in uixthemes Konte konte allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Konte: from n/a through <= 2.4.6. | |||||
| CVE-2025-68025 | 2026-02-25 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in Addonify Addonify Floating Cart For WooCommerce addonify-floating-cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Addonify Floating Cart For WooCommerce: from n/a through <= 1.2.17. | |||||
| CVE-2025-68023 | 2026-02-25 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in Addonify Addonify – Compare Products For WooCommerce addonify-compare-products allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Addonify – Compare Products For WooCommerce: from n/a through <= 1.1.17. | |||||
| CVE-2025-67994 | 2026-02-25 | N/A | 7.5 HIGH | ||
| Missing Authorization vulnerability in YayCommerce YayCurrency yaycurrency allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YayCurrency: from n/a through <= 3.3. | |||||
| CVE-2025-67975 | 2026-02-25 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in aDirectory aDirectory adirectory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects aDirectory: from n/a through <= 3.0.3. | |||||
| CVE-2025-68048 | 2026-02-25 | N/A | 7.5 HIGH | ||
| Missing Authorization vulnerability in XLPlugins NextMove Lite woo-thank-you-page-nextmove-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects NextMove Lite: from n/a through <= 2.23.0. | |||||
| CVE-2025-68032 | 2026-02-25 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in Passionate Brains Advanced WC Analytics advance-wc-analytics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced WC Analytics: from n/a through <= 3.19.0. | |||||
| CVE-2025-68028 | 2026-02-25 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in Passionate Brains GA4WP: Google Analytics for WordPress ga-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GA4WP: Google Analytics for WordPress: from n/a through <= 2.10.0. | |||||
| CVE-2025-68837 | 2026-02-25 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in ELEXtensions ELEX WordPress HelpDesk & Customer Ticketing System elex-helpdesk-customer-support-ticket-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ELEX WordPress HelpDesk & Customer Ticketing System: from n/a through <= 3.3.5. | |||||
| CVE-2025-68564 | 2026-02-25 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in sendy Sendy sendy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sendy: from n/a through <= 3.4.2. | |||||
| CVE-2021-0642 | 1 Google | 1 Android | 2026-02-25 | 4.3 MEDIUM | 5.5 MEDIUM |
| In onResume of VoicemailSettingsFragment.java, there is a possible way to retrieve a trackable identifier without permissions due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-185126149 | |||||
| CVE-2021-0641 | 1 Google | 1 Android | 2026-02-25 | 2.1 LOW | 5.5 MEDIUM |
| In getAvailableSubscriptionInfoList of SubscriptionController.java, there is a possible disclosure of unique identifiers due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-185235454 | |||||
| CVE-2026-27111 | 1 Akuity | 1 Kargo | 2026-02-25 | N/A | 5.0 MEDIUM |
| Kargo manages and automates the promotion of software artifacts. From v1.9.0 to v1.9.2, Kargo's authorization model includes a promote verb -- a non-standard Kubernetes "dolphin verb" -- that gates the ability to advance Freight through a promotion pipeline. This verb exists to separate the ability to manage promotion-related resources from the ability to trigger promotions, enabling fine-grained access control over what is often a sensitive operation. The promote verb is correctly enforced in Kargo's legacy gRPC API. However, three endpoints in the newer REST API omit this check, relying only on standard Kubernetes RBAC for the underlying resource operations (patch on freights/status or create on promotions). This permits users who hold those standard permissions -- but who were deliberately not granted promote -- to bypass the intended authorization boundary. The affected endpoints are /v1beta1/projects/{project}/freight/{freight}/approve, /v1beta1/projects/{project}/stages/{stage}/promotions, and /v1beta1/projects/{project}/stages/{stage}/promotions/downstream. This vulnerability is fixed in v1.9.3. | |||||
| CVE-2025-69298 | 2026-02-25 | N/A | 7.5 HIGH | ||
| Missing Authorization vulnerability in GhostPool Gauge gauge allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gauge: from n/a through <= 6.56.4. | |||||
| CVE-2024-54222 | 2026-02-25 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in Seraphinite Solutions Seraphinite Accelerator seraphinite-accelerator allows Retrieve Embedded Sensitive Data.This issue affects Seraphinite Accelerator: from n/a through <= 2.22.15. | |||||
| CVE-2024-34438 | 2026-02-25 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in Anssi Laitila Shared Files shared-files.This issue affects Shared Files: from n/a through <= 1.7.19. | |||||
| CVE-2026-28195 | 1 Jetbrains | 1 Teamcity | 2026-02-25 | N/A | 4.3 MEDIUM |
| In JetBrains TeamCity before 2025.11.3 missing authorization allowed project developers to add parameters to build configurations | |||||