Total
5530 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-60155 | 2025-09-26 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in loopus WP Virtual Assistant allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Virtual Assistant: from n/a through 3.0. | |||||
| CVE-2025-60098 | 2025-09-26 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in Jeff Farthing Theme My Login allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Theme My Login: from n/a through 7.1.12. | |||||
| CVE-2025-60159 | 2025-09-26 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in webmaniabr Nota Fiscal EletrĂ´nica WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Nota Fiscal EletrĂ´nica WooCommerce: from n/a through 3.4.0.6. | |||||
| CVE-2025-60120 | 2025-09-26 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in wpdirectorykit WP Directory Kit allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Directory Kit: from n/a through 1.3.8. | |||||
| CVE-2025-60094 | 2025-09-26 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in Benjamin Intal Stackable allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Stackable: from n/a through 3.18.1. | |||||
| CVE-2025-60116 | 2025-09-26 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in ThemeGoods Grand Conference Theme Custom Post Type allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Grand Conference Theme Custom Post Type: from n/a through 2.6.3. | |||||
| CVE-2025-60103 | 2025-09-26 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in CridioStudio ListingPro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ListingPro: from n/a through 2.9.8. | |||||
| CVE-2025-58919 | 2025-09-26 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in guihom Wide Banner allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Wide Banner: from n/a through 1.0.4. | |||||
| CVE-2025-60096 | 2025-09-26 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in CodexThemes TheGem (Elementor) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects TheGem (Elementor): from n/a through 5.10.5. | |||||
| CVE-2025-59011 | 2025-09-26 | N/A | 7.5 HIGH | ||
| Missing Authorization vulnerability in shinetheme Traveler allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Traveler: from n/a through n/a. | |||||
| CVE-2025-54458 | 1 Mattermost | 1 Confluence | 2025-09-25 | N/A | 5.0 MEDIUM |
| Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the Confluence space which allows attackers to create a subscription for a Confluence space the user does not have access to via the create subscription endpoint. | |||||
| CVE-2025-53910 | 1 Mattermost | 1 Confluence | 2025-09-25 | N/A | 4.0 MEDIUM |
| Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the channel which allows attackers to create a channel subscription without proper access to the channel via API call to the edit channel subscription endpoint. | |||||
| CVE-2025-53857 | 1 Mattermost | 1 Confluence | 2025-09-25 | N/A | 3.7 LOW |
| Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the channel which allows attackers to get channel subscription details without proper access to the channel via API call to the GET autocomplete/GetChannelSubscriptions endpoint. | |||||
| CVE-2025-48731 | 1 Mattermost | 1 Confluence | 2025-09-25 | N/A | 6.4 MEDIUM |
| Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the Confluence space which allows attackers to edit a subscription for a Confluence space the user does not have access for via edit subscription endpoint. | |||||
| CVE-2025-44001 | 1 Mattermost | 1 Confluence | 2025-09-25 | N/A | 4.0 MEDIUM |
| Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the channel which allows attackers to get channel subscription details without proper access to the channel via API call to the Get Channel Subscriptions details endpoint. | |||||
| CVE-2025-54943 | 1 Sun.net | 1 Ehrd Ctms | 2025-09-25 | N/A | 9.8 CRITICAL |
| A missing authorization vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to perform unauthorized application deployment due to the absence of proper access control checks. | |||||
| CVE-2025-49221 | 1 Mattermost | 1 Confluence | 2025-09-24 | N/A | 3.7 LOW |
| Mattermost Confluence Plugin version <1.5.0 fails to enforce authentication of the user to the Mattermost instance which allows unauthenticated attackers to access subscription details without via API call to GET subscription endpoint. | |||||
| CVE-2025-55148 | 1 Ivanti | 4 Connect Secure, Neurons For Secure Access, Policy Secure and 1 more | 2025-09-24 | N/A | 7.6 HIGH |
| Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with read-only admin privileges to configure restricted settings. | |||||
| CVE-2025-55145 | 1 Ivanti | 4 Connect Secure, Neurons For Secure Access, Policy Secure and 1 more | 2025-09-24 | N/A | 8.9 HIGH |
| Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker to hijack existing HTML5 connections. | |||||
| CVE-2025-55144 | 1 Ivanti | 4 Connect Secure, Neurons For Secure Access, Policy Secure and 1 more | 2025-09-24 | N/A | 5.4 MEDIUM |
| Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with read-only admin privileges to configure restricted settings. | |||||