Total
4639 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-27190 | 1 Jeandaviddaviet | 1 Download Media | 2025-02-14 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in Jean-David Daviet Download Media.This issue affects Download Media: from n/a through 1.4.2. | |||||
| CVE-2025-24692 | 2025-02-14 | N/A | 7.1 HIGH | ||
| Missing Authorization vulnerability in Michael Revellin-Clerc Bulk Menu Edit allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Bulk Menu Edit: from n/a through 1.3. | |||||
| CVE-2025-24607 | 2025-02-14 | N/A | 5.8 MEDIUM | ||
| Missing Authorization vulnerability in Northern Beaches Websites IdeaPush allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects IdeaPush: from n/a through 8.71. | |||||
| CVE-2025-23771 | 2025-02-14 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in Murali Push Notification for Post and BuddyPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Push Notification for Post and BuddyPress: from n/a through 2.11. | |||||
| CVE-2025-23766 | 2025-02-14 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in ashamil OPSI Israel Domestic Shipments allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects OPSI Israel Domestic Shipments: from n/a through 2.6.6. | |||||
| CVE-2025-23534 | 2025-02-14 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in Mark Winiarski WPLingo allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WPLingo: from n/a through 1.1.2. | |||||
| CVE-2025-22702 | 2025-02-14 | N/A | 6.3 MEDIUM | ||
| Missing Authorization vulnerability in EPC Photography. This issue affects Photography: from n/a through 7.5.2. | |||||
| CVE-2025-22698 | 2025-02-14 | N/A | 6.3 MEDIUM | ||
| Missing Authorization vulnerability in Ability, Inc Accessibility Suite by Online ADA allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Accessibility Suite by Online ADA: from n/a through 4.16. | |||||
| CVE-2024-52500 | 2025-02-14 | N/A | 7.2 HIGH | ||
| Missing Authorization vulnerability in monetagwp Monetag Official Plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Monetag Official Plugin: from n/a through 1.1.3. | |||||
| CVE-2024-22257 | 2025-02-13 | N/A | 8.2 HIGH | ||
| In Spring Security, versions 5.7.x prior to 5.7.12, 5.8.x prior to 5.8.11, versions 6.0.x prior to 6.0.9, versions 6.1.x prior to 6.1.8, versions 6.2.x prior to 6.2.3, an application is possible vulnerable to broken access control when it directly uses the AuthenticatedVoter#vote passing a null Authentication parameter. | |||||
| CVE-2023-50944 | 1 Apache | 1 Airflow | 2025-02-13 | N/A | 6.5 MEDIUM |
| Apache Airflow, versions before 2.8.1, have a vulnerability that allows an authenticated user to access the source code of a DAG to which they don't have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to upgrade to version 2.8.1, which fixes this issue. | |||||
| CVE-2023-2183 | 1 Grafana | 1 Grafana | 2025-02-13 | N/A | 4.1 MEDIUM |
| Grafana is an open-source platform for monitoring and observability. The option to send a test alert is not available from the user panel UI for users having the Viewer role. It is still possible for a user with the Viewer role to send a test alert using the API as the API does not check access to this function. This might enable malicious users to abuse the functionality by sending multiple alert messages to e-mail and Slack, spamming users, prepare Phishing attack or block SMTP server. Users may upgrade to version 9.5.3, 9.4.12, 9.3.15, 9.2.19 and 8.5.26 to receive a fix. | |||||
| CVE-2023-26269 | 1 Apache | 1 James | 2025-02-13 | N/A | 7.8 HIGH |
| Apache James server version 3.7.3 and earlier provides a JMX management service without authentication by default. This allows privilege escalation by a malicious local user. Administrators are advised to disable JMX, or set up a JMX password. Note that version 3.7.4 onward will set up a JMX password automatically for Guice users. | |||||
| CVE-2025-1214 | 2025-02-12 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability classified as critical has been found in pihome-shc PiHome 2.0. This affects an unknown part of the file /user_accounts.php?uid of the component Role-Based Access Control. The manipulation leads to missing authorization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-21396 | 1 Microsoft | 1 Account | 2025-02-12 | N/A | 8.2 HIGH |
| Missing authorization in Microsoft Account allows an unauthorized attacker to elevate privileges over a network. | |||||
| CVE-2024-4427 | 1 Comparisonslider | 1 Comparison Slider | 2025-02-12 | N/A | 4.3 MEDIUM |
| The Comparison Slider plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several AJAX actions in all versions up to, and including, 1.0.5. This makes it possible for authenticated attackers, with subscriber access or above, to change plugin settings and perform other actions such deleting sliders. | |||||
| CVE-2023-0805 | 1 Gitlab | 1 Gitlab | 2025-02-12 | N/A | 4.9 MEDIUM |
| An issue has been discovered in GitLab EE affecting all versions starting from 15.2 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. A malicious group member may continue to have access to the public projects of a public group even after being banned from the public group by the owner. | |||||
| CVE-2023-4947 | 1 Yanco | 1 Woocommerce Ean Payment Gateway | 2025-02-12 | N/A | 4.3 MEDIUM |
| The WooCommerce EAN Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the refresh_order_ean_data AJAX action in versions up to 6.1.0. This makes it possible for authenticated attackers with contributor-level access and above, to update EAN numbers for orders. | |||||
| CVE-2025-26377 | 2025-02-12 | N/A | 8.1 HIGH | ||
| A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to remove users via crafted HTTP requests. | |||||
| CVE-2025-26374 | 2025-02-12 | N/A | 6.5 MEDIUM | ||
| A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua (users endpoint) in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to enumerate users via crafted HTTP requests. | |||||