Total
6978 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-68032 | 2026-02-25 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in Passionate Brains Advanced WC Analytics advance-wc-analytics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced WC Analytics: from n/a through <= 3.19.0. | |||||
| CVE-2025-68028 | 2026-02-25 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in Passionate Brains GA4WP: Google Analytics for WordPress ga-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GA4WP: Google Analytics for WordPress: from n/a through <= 2.10.0. | |||||
| CVE-2023-6394 | 2 Quarkus, Redhat | 2 Quarkus, Build Of Quarkus | 2026-02-25 | N/A | 7.4 HIGH |
| A flaw was found in Quarkus. This issue occurs when receiving a request over websocket with no role-based permission specified on the GraphQL operation, Quarkus processes the request without authentication despite the endpoint being secured. This can allow an attacker to access information and functionality outside of normal granted API permissions. | |||||
| CVE-2025-68837 | 2026-02-25 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in ELEXtensions ELEX WordPress HelpDesk & Customer Ticketing System elex-helpdesk-customer-support-ticket-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ELEX WordPress HelpDesk & Customer Ticketing System: from n/a through <= 3.3.5. | |||||
| CVE-2025-68564 | 2026-02-25 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in sendy Sendy sendy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sendy: from n/a through <= 3.4.2. | |||||
| CVE-2021-0642 | 1 Google | 1 Android | 2026-02-25 | 4.3 MEDIUM | 5.5 MEDIUM |
| In onResume of VoicemailSettingsFragment.java, there is a possible way to retrieve a trackable identifier without permissions due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-185126149 | |||||
| CVE-2021-0641 | 1 Google | 1 Android | 2026-02-25 | 2.1 LOW | 5.5 MEDIUM |
| In getAvailableSubscriptionInfoList of SubscriptionController.java, there is a possible disclosure of unique identifiers due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-185235454 | |||||
| CVE-2026-27111 | 1 Akuity | 1 Kargo | 2026-02-25 | N/A | 5.0 MEDIUM |
| Kargo manages and automates the promotion of software artifacts. From v1.9.0 to v1.9.2, Kargo's authorization model includes a promote verb -- a non-standard Kubernetes "dolphin verb" -- that gates the ability to advance Freight through a promotion pipeline. This verb exists to separate the ability to manage promotion-related resources from the ability to trigger promotions, enabling fine-grained access control over what is often a sensitive operation. The promote verb is correctly enforced in Kargo's legacy gRPC API. However, three endpoints in the newer REST API omit this check, relying only on standard Kubernetes RBAC for the underlying resource operations (patch on freights/status or create on promotions). This permits users who hold those standard permissions -- but who were deliberately not granted promote -- to bypass the intended authorization boundary. The affected endpoints are /v1beta1/projects/{project}/freight/{freight}/approve, /v1beta1/projects/{project}/stages/{stage}/promotions, and /v1beta1/projects/{project}/stages/{stage}/promotions/downstream. This vulnerability is fixed in v1.9.3. | |||||
| CVE-2025-69303 | 2026-02-25 | N/A | 7.5 HIGH | ||
| Missing Authorization vulnerability in modeltheme ModelTheme Framework modeltheme-framework allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ModelTheme Framework: from n/a through <= 1.9.2. | |||||
| CVE-2025-69298 | 2026-02-25 | N/A | 7.5 HIGH | ||
| Missing Authorization vulnerability in GhostPool Gauge gauge allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gauge: from n/a through <= 6.56.4. | |||||
| CVE-2024-54222 | 2026-02-25 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in Seraphinite Solutions Seraphinite Accelerator seraphinite-accelerator allows Retrieve Embedded Sensitive Data.This issue affects Seraphinite Accelerator: from n/a through <= 2.22.15. | |||||
| CVE-2024-34438 | 2026-02-25 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in Anssi Laitila Shared Files shared-files.This issue affects Shared Files: from n/a through <= 1.7.19. | |||||
| CVE-2026-28195 | 1 Jetbrains | 1 Teamcity | 2026-02-25 | N/A | 4.3 MEDIUM |
| In JetBrains TeamCity before 2025.11.3 missing authorization allowed project developers to add parameters to build configurations | |||||
| CVE-2026-25131 | 1 Open-emr | 1 Openemr | 2026-02-25 | N/A | 8.8 HIGH |
| OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, a Broken Access Control vulnerability exists in the OpenEMR order types management system, allowing low-privilege users (such as Receptionist) to add and modify procedure types without proper authorization. This vulnerability is present in the /openemr/interface/orders/types_edit.php endpoint. Version 8.0.0 contains a patch. | |||||
| CVE-2026-25609 | 1 Mongodb | 1 Mongodb | 2026-02-25 | N/A | 5.4 MEDIUM |
| Incorrect validation of the profile command may result in the determination that a request altering the 'filter' is read-only. | |||||
| CVE-2026-25124 | 1 Open-emr | 1 Openemr | 2026-02-25 | N/A | 6.5 MEDIUM |
| OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the OpenEMR application is vulnerable to an access control flaw that allows low-privileged users, such as receptionists, to export the entire message list containing sensitive patient and user data. The vulnerability lies in the message_list.php report export functionality, where there is no permission check before executing sensitive database queries. The only control in place is CSRF token verification, which does not prevent unauthorized data access if the token is acquired through other means. Version 8.0.0 fixes the vulnerability. | |||||
| CVE-2025-69381 | 2026-02-25 | N/A | 7.1 HIGH | ||
| Missing Authorization vulnerability in vanquish WooCommerce Bulk Product Editor woocommerce-quick-product-editor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Bulk Product Editor: from n/a through <= 3.0. | |||||
| CVE-2026-27368 | 2026-02-25 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in SeedProd Coming Soon Page, Under Construction & Maintenance Mode by SeedProd coming-soon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Coming Soon Page, Under Construction & Maintenance Mode by SeedProd: from n/a through <= 6.19.7. | |||||
| CVE-2026-22350 | 2026-02-25 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in add-ons.org PDF for Elementor Forms + Drag And Drop Template Builder pdf-for-elementor-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PDF for Elementor Forms + Drag And Drop Template Builder: from n/a through <= 6.3.1. | |||||
| CVE-2022-31595 | 1 Sap | 1 Adaptive Server Enterprise | 2026-02-25 | 6.5 MEDIUM | 8.8 HIGH |
| SAP Financial Consolidation - version 1010,�does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | |||||