Total
4592 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2025-31799 | | | 2025-04-01 | N/A | 4.3 MEDIUM |
Missing Authorization vulnerability in publitio Publitio allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Publitio: from n/a through 2.1.8. | |||||
CVE-2025-31831 | | | 2025-04-01 | N/A | 4.3 MEDIUM |
Missing Authorization vulnerability in Team AtomChat AtomChat allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AtomChat: from n/a through 1.1.6. | |||||
CVE-2025-31826 | | | 2025-04-01 | N/A | 5.4 MEDIUM |
Missing Authorization vulnerability in Anzar Ahmed Ni WooCommerce Cost Of Goods allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ni WooCommerce Cost Of Goods: from n/a through 3.2.8. | |||||
CVE-2025-31870 | | | 2025-04-01 | N/A | 5.4 MEDIUM |
Missing Authorization vulnerability in EXEIdeas International WP AutoKeyword allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP AutoKeyword: from n/a through 1.0. | |||||
CVE-2025-31868 | | | 2025-04-01 | N/A | 5.3 MEDIUM |
Missing Authorization vulnerability in JoomSky JS Job Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JS Job Manager: from n/a through 2.0.2. | |||||
CVE-2025-31830 | | | 2025-04-01 | N/A | 4.3 MEDIUM |
Missing Authorization vulnerability in Uriahs Victor Printus allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Printus: from n/a through 1.2.6. | |||||
CVE-2025-31856 | | | 2025-04-01 | N/A | 4.3 MEDIUM |
Missing Authorization vulnerability in brainvireinfo Export All Post Meta allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Export All Post Meta: from n/a through 1.2.1. | |||||
CVE-2025-31848 | | | 2025-04-01 | N/A | 5.3 MEDIUM |
Missing Authorization vulnerability in WPFactory WordPress Adverts Plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WordPress Adverts Plugin: from n/a through 1.4. | |||||
CVE-2025-31846 | | | 2025-04-01 | N/A | 4.3 MEDIUM |
Missing Authorization vulnerability in Jeroen Schmit Theater for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Theater for WordPress: from n/a through 0.18.7. | |||||
CVE-2025-2589 | 1 Code-projects | 1 Human Resource Management | 2025-04-01 | 5.2 MEDIUM | 5.5 MEDIUM |
A vulnerability was found in code-projects Human Resource Management System 1.0.1 and classified as critical. This issue affects the function Index of the file \handler\Account.go. The manipulation of the argument user_cookie leads to improper authorization. The exploit has been disclosed to the public and may be used. | |||||
CVE-2023-24459 | 1 Jenkins | 1 Bearychat | 2025-04-01 | N/A | 6.5 MEDIUM |
A missing permission check in Jenkins BearyChat Plugin 3.0.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL. | |||||
CVE-2024-28155 | 1 Jenkins | 1 Appspider | 2025-03-29 | N/A | 4.3 MEDIUM |
Jenkins AppSpider Plugin 1.0.16 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to obtain information about available scan config names, engine group names, and client names. | |||||
CVE-2023-52352 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-28 | N/A | 5.5 MEDIUM |
In Network Adapter Service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges needed. | |||||
CVE-2025-1668 | 1 Igexsolutions | 1 Wpschoolpress | 2025-03-28 | N/A | 4.3 MEDIUM |
The School Management System – WPSchoolPress plugin for WordPress is vulnerable to arbitrary user deletion due to a missing capability check on the wpsp_DeleteUser() function in all versions up to, and including, 2.2.16. This makes it possible for authenticated attackers, with teacher-level access and above, to delete arbitrary user accounts. | |||||
CVE-2025-27103 | 1 Dataease | 1 Dataease | 2025-03-28 | N/A | 6.5 MEDIUM |
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, a bypass for the patch for CVE-2024-55953 allows authenticated users to read and deserialize arbitrary files through the background JDBC connection. The vulnerability has been fixed in v2.10.6. No known workarounds are available. | |||||
CVE-2022-39811 | 1 Italtel | 1 Netmatch-s Ci | 2025-03-28 | N/A | 9.1 CRITICAL |
Italtel NetMatch-S CI 5.2.0-20211008 has incorrect Access Control under NMSCI-WebGui/advancedsettings.jsp and NMSCIWebGui/SaveFileUploader. By not verifying permissions for access to resources, it allows an attacker to view pages that are not allowed, and modify the system configuration, bypassing all controls (without checking for user identity). | |||||
CVE-2025-26956 | | | 2025-03-28 | N/A | 7.6 HIGH |
Missing Authorization vulnerability in Shinetheme Traveler. This issue affects Traveler: from n/a through 3.1.8. | |||||
CVE-2025-26733 | | | 2025-03-28 | N/A | 8.2 HIGH |
Missing Authorization vulnerability in Shinetheme Traveler. This issue affects Traveler: from n/a through 3.1.8. | |||||
CVE-2025-22739 | | | 2025-03-28 | N/A | 5.3 MEDIUM |
Missing Authorization vulnerability in ThimPress LearnPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects LearnPress: from n/a through 4.2.7.5. | |||||
CVE-2025-2815 | | | 2025-03-28 | N/A | 8.8 HIGH |
The Administrator Z plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the adminz_import_backup() function in all versions up to, and including, 2025.03.24. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. |