Total
5525 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-62919 | 2025-10-28 | N/A | 9.1 CRITICAL | ||
| Missing Authorization vulnerability in themeshopy TS Demo Importer ts-demo-importer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TS Demo Importer: from n/a through <= 0.1.2. | |||||
| CVE-2025-62918 | 2025-10-28 | N/A | 8.8 HIGH | ||
| Missing Authorization vulnerability in ignitionwp IgnitionDeck ignitiondeck allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects IgnitionDeck: from n/a through <= 2.0.10. | |||||
| CVE-2025-62916 | 2025-10-28 | N/A | 8.8 HIGH | ||
| Missing Authorization vulnerability in adivaha® Flights & Hotels Booking WP Plugin adiaha-hotel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Flights & Hotels Booking WP Plugin: from n/a through <= 3.1. | |||||
| CVE-2025-62915 | 2025-10-28 | N/A | 8.1 HIGH | ||
| Missing Authorization vulnerability in clicksend SMS Contact Form 7 Notifications by ClickSend clicksend-contactform7 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SMS Contact Form 7 Notifications by ClickSend: from n/a through <= 1.4.0. | |||||
| CVE-2025-62909 | 2025-10-28 | N/A | 8.1 HIGH | ||
| Missing Authorization vulnerability in mrityunjay Smart WeTransfer smart-wetransfer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Smart WeTransfer: from n/a through <= 1.3. | |||||
| CVE-2025-62908 | 2025-10-28 | N/A | 9.8 CRITICAL | ||
| Missing Authorization vulnerability in gerritvanaaken Podlove Web Player podlove-web-player allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Podlove Web Player: from n/a through <= 5.9.1. | |||||
| CVE-2025-62906 | 2025-10-28 | N/A | 9.8 CRITICAL | ||
| Missing Authorization vulnerability in epiphanyit321 Referral Link Tracker referral-link-tracker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Referral Link Tracker: from n/a through <= 1.1.4. | |||||
| CVE-2025-62892 | 2025-10-28 | N/A | 9.1 CRITICAL | ||
| Missing Authorization vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Sunshine Photo Cart: from n/a through <= 3.5.3. | |||||
| CVE-2025-62889 | 2025-10-28 | N/A | 8.8 HIGH | ||
| Missing Authorization vulnerability in KingAddons.com King Addons for Elementor king-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects King Addons for Elementor: from n/a through <= 51.1.37. | |||||
| CVE-2025-20362 | 1 Cisco | 2 Adaptive Security Appliance Software, Firepower Threat Defense | 2025-10-28 | N/A | 6.5 MEDIUM |
| A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to access restricted URL endpoints that are related to remote access VPN that should otherwise be inaccessible without authentication. This vulnerability is due to improper validation of user-supplied input in HTTP(S) requests. An attacker could exploit this vulnerability by sending crafted HTTP requests to a targeted web server on a device. A successful exploit could allow the attacker to access a restricted URL without authentication. | |||||
| CVE-2025-11989 | 1 Gitlab | 1 Gitlab | 2025-10-28 | N/A | 3.7 LOW |
| GitLab has remediated an issue in GitLab EE affecting all versions from 17.6.0 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an authenticated attacker to execute unauthorized quick actions by including malicious commands in specific descriptions. | |||||
| CVE-2025-61755 | 1 Oracle | 1 Graalvm For Jdk | 2025-10-27 | N/A | 3.7 LOW |
| Vulnerability in the Oracle GraalVM for JDK product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle GraalVM for JDK: 17.0.16 and 21.0.8. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GraalVM for JDK accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). | |||||
| CVE-2025-11581 | 1 Powerjob | 1 Powerjob | 2025-10-27 | 5.0 MEDIUM | 5.3 MEDIUM |
| A security vulnerability has been detected in PowerJob up to 5.1.2. This vulnerability affects unknown code of the file /openApi/runJob of the component OpenAPIController. Such manipulation leads to missing authorization. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. | |||||
| CVE-2025-11580 | 1 Powerjob | 1 Powerjob | 2025-10-27 | 5.0 MEDIUM | 5.3 MEDIUM |
| A weakness has been identified in PowerJob up to 5.1.2. This affects the function list of the file /user/list. This manipulation causes missing authorization. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited. | |||||
| CVE-2025-42968 | 1 Sap | 1 Netweaver | 2025-10-27 | N/A | 5.0 MEDIUM |
| SAP NetWeaver allows an authenticated non-administrative user to call the remote-enabled function module which could grants access to non-sensitive information about the SAP system and OS without requiring any specific knowledge or controlled conditions. This leads to a low impact on confidentiality with no effect on integrity or availability of the application. | |||||
| CVE-2025-42986 | 1 Sap | 1 Sap Basis | 2025-10-27 | N/A | 4.3 MEDIUM |
| Due to a missing authorization check in an obsolete RFC enabled function module in SAP BASIS, an authenticated low-privileged attacker could call a Remote Function Call (RFC), potentially accessing restricted system information. This results in low impact on confidentiality, with no impact on integrity or availability of the application. | |||||
| CVE-2025-62980 | 2025-10-27 | N/A | 8.8 HIGH | ||
| Missing Authorization vulnerability in MDZ Persian Admnin Fonts persian-admin-fonts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Persian Admnin Fonts: from n/a through <= 4.1.03. | |||||
| CVE-2025-62965 | 2025-10-27 | N/A | 7.2 HIGH | ||
| Missing Authorization vulnerability in wpseek Admin Management Xtended admin-management-xtended allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Admin Management Xtended : from n/a through <= 2.5.1. | |||||
| CVE-2025-62964 | 2025-10-27 | N/A | 8.1 HIGH | ||
| Missing Authorization vulnerability in RealMag777 MDTF wp-meta-data-filter-and-taxonomy-filter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MDTF: from n/a through <= 1.3.4. | |||||
| CVE-2025-62884 | 2025-10-27 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in Elliot Sowersby / RelyWP Coupon Affiliates woo-coupon-usage allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Coupon Affiliates: from n/a through <= 7.0.3. | |||||