Total
5525 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-9133 | 1 Zyxel | 17 Atp100, Atp100w, Atp200 and 14 more | 2025-10-28 | N/A | 8.1 HIGH |
| A missing authorization vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series firmware versions from V4.50 through V5.40, USG FLEX 50(W) series firmware versions from V4.16 through V5.40, and USG20(W)-VPN series firmware versions from V4.16 through V5.40 could allow a semi-authenticated attacker—who has completed only the first stage of the two-factor authentication (2FA) process—to view and download the system configuration from an affected device. | |||||
| CVE-2025-26370 | 1 Q-free | 1 Maxtime | 2025-10-28 | N/A | 7.1 HIGH |
| A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to remove privileges from user groups via crafted HTTP requests. | |||||
| CVE-2025-26373 | 1 Q-free | 1 Maxtime | 2025-10-28 | N/A | 6.5 MEDIUM |
| A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua (user endpoint) in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to enumerate users via crafted HTTP requests. | |||||
| CVE-2025-26377 | 1 Q-free | 1 Maxtime | 2025-10-28 | N/A | 8.1 HIGH |
| A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to remove users via crafted HTTP requests. | |||||
| CVE-2025-36361 | 1 Ibm | 1 App Connect Enterprise | 2025-10-28 | N/A | 6.3 MEDIUM |
| IBM App Connect Enterprise 13.0.1.0 through 13.0.4.2, and 12.0.1.0 through 12.0.12.17 could allow an authenticated user to perform unauthorized actions on customer defined resources due to missing authorization. | |||||
| CVE-2025-62954 | 2025-10-28 | N/A | 8.8 HIGH | ||
| Missing Authorization vulnerability in Codeinwp Revive Old Posts tweet-old-post allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Revive Old Posts: from n/a through <= 9.3.3. | |||||
| CVE-2025-62953 | 2025-10-28 | N/A | 8.8 HIGH | ||
| Missing Authorization vulnerability in nanbu Welcart e-Commerce usc-e-shop allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Welcart e-Commerce: from n/a through <= 2.11.24. | |||||
| CVE-2025-62952 | 2025-10-28 | N/A | 8.8 HIGH | ||
| Missing Authorization vulnerability in QuantumCloud ChatBot chatbot allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ChatBot: from n/a through <= 7.3.0. | |||||
| CVE-2025-62946 | 2025-10-28 | N/A | 8.8 HIGH | ||
| Missing Authorization vulnerability in everestthemes Everest Backup everest-backup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Everest Backup: from n/a through <= 2.3.8. | |||||
| CVE-2025-62944 | 2025-10-28 | N/A | 9.8 CRITICAL | ||
| Missing Authorization vulnerability in Mark O'Donnell MSTW CSV EXPORTER mstw-csv-exporter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MSTW CSV EXPORTER: from n/a through <= 1.4. | |||||
| CVE-2025-62938 | 2025-10-28 | N/A | 8.1 HIGH | ||
| Missing Authorization vulnerability in Reoon Technology Reoon Email Verifier reoon-email-verifier allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Reoon Email Verifier: from n/a through <= 2.0.1. | |||||
| CVE-2025-62935 | 2025-10-28 | N/A | 8.1 HIGH | ||
| Missing Authorization vulnerability in ilmosys Open Close WooCommerce Store woc-open-close allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Open Close WooCommerce Store: from n/a through <= 4.9.8. | |||||
| CVE-2025-62932 | 2025-10-28 | N/A | 8.8 HIGH | ||
| Missing Authorization vulnerability in wprio Table Block by RioVizual riovizual allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Table Block by RioVizual: from n/a through <= 2.3.2. | |||||
| CVE-2025-62931 | 2025-10-28 | N/A | 8.8 HIGH | ||
| Missing Authorization vulnerability in microsoftstart MSN Partner Hub microsoft-start allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MSN Partner Hub: from n/a through <= 2.8.7. | |||||
| CVE-2025-62929 | 2025-10-28 | N/A | 8.8 HIGH | ||
| Missing Authorization vulnerability in PickPlugins Testimonial Slider testimonial allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Testimonial Slider: from n/a through <= 2.0.15. | |||||
| CVE-2025-62928 | 2025-10-28 | N/A | 8.1 HIGH | ||
| Missing Authorization vulnerability in Joby Joseph SEO Meta Description Updater seo-meta-description-updater allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SEO Meta Description Updater: from n/a through <= 1.2.0. | |||||
| CVE-2025-62927 | 2025-10-28 | N/A | 8.1 HIGH | ||
| Missing Authorization vulnerability in Nelio Software Nelio Content nelio-content allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Nelio Content: from n/a through <= 4.0.5. | |||||
| CVE-2025-62925 | 2025-10-28 | N/A | 8.1 HIGH | ||
| Missing Authorization vulnerability in Conversios Conversios.io enhanced-e-commerce-for-woocommerce-store allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Conversios.io: from n/a through <= 7.2.10. | |||||
| CVE-2025-62924 | 2025-10-28 | N/A | 8.8 HIGH | ||
| Missing Authorization vulnerability in PickPlugins Post Grid and Gutenberg Blocks post-grid allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Grid and Gutenberg Blocks: from n/a through <= 2.3.17. | |||||
| CVE-2025-62922 | 2025-10-28 | N/A | 8.1 HIGH | ||
| Missing Authorization vulnerability in Shambhu Patnaik Export Categories export-categories allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Export Categories: from n/a through <= 1.0. | |||||