Total
4922 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-23684 | 2025-02-18 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in Eugen Bobrowski Debug Tool allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Debug Tool: from n/a through 2.2. | |||||
| CVE-2025-22657 | 2025-02-18 | N/A | 7.5 HIGH | ||
| Missing Authorization vulnerability in Vito Peleg Atarim allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Atarim: from n/a through 4.0.9. | |||||
| CVE-2025-22730 | 2025-02-18 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in Ksher Ksher allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ksher: from n/a through 1.1.2. | |||||
| CVE-2025-22643 | 2025-02-18 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in FameThemes OnePress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects OnePress: from n/a through 2.3.11. | |||||
| CVE-2024-13639 | 1 Edmonsoft | 1 Read More \& Accordion | 2025-02-18 | N/A | 4.3 MEDIUM |
| The Read More & Accordion plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the expmDeleteData() function in all versions up to, and including, 3.4.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary 'read more' posts. | |||||
| CVE-2025-25241 | 2025-02-18 | N/A | 5.4 MEDIUM | ||
| Due to a missing authorization check, an attacker who is logged in to application can view/ delete �My Overtime Requests� which could allow the attacker to access employee information. This leads to low impact on confidentiality, integrity of the application. There is no impact on availability. | |||||
| CVE-2025-23187 | 2025-02-18 | N/A | 5.3 MEDIUM | ||
| Due to missing authorization check in an RFC enabled function module in transaction SDCCN, an unauthenticated attacker could generate technical meta-data. This leads to a low impact on integrity. There is no impact on confidentiality or availability. | |||||
| CVE-2025-1358 | 2025-02-18 | 5.0 MEDIUM | 4.3 MEDIUM | ||
| A vulnerability classified as problematic was found in Pix Software Vivaz 6.0.10. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2021-39226 | 2 Fedoraproject, Grafana | 2 Fedora, Grafana | 2025-02-18 | 6.8 MEDIUM | 9.8 CRITICAL |
| Grafana is an open source data visualization platform. In affected versions unauthenticated and authenticated users are able to view the snapshot with the lowest database key by accessing the literal paths: /dashboard/snapshot/:key, or /api/snapshots/:key. If the snapshot "public_mode" configuration setting is set to true (vs default of false), unauthenticated users are able to delete the snapshot with the lowest database key by accessing the literal path: /api/snapshots-delete/:deleteKey. Regardless of the snapshot "public_mode" setting, authenticated users are able to delete the snapshot with the lowest database key by accessing the literal paths: /api/snapshots/:key, or /api/snapshots-delete/:deleteKey. The combination of deletion and viewing enables a complete walk through all snapshot data while resulting in complete snapshot data loss. This issue has been resolved in versions 8.1.6 and 7.5.11. If for some reason you cannot upgrade you can use a reverse proxy or similar to block access to the literal paths: /api/snapshots/:key, /api/snapshots-delete/:deleteKey, /dashboard/snapshot/:key, and /api/snapshots/:key. They have no normal function and can be disabled without side effects. | |||||
| CVE-2025-26765 | 2025-02-16 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in enituretechnology Distance Based Shipping Calculator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Distance Based Shipping Calculator: from n/a through 2.0.22. | |||||
| CVE-2025-22291 | 2025-02-16 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in enituretechnology LTL Freight Quotes – Worldwide Express Edition allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects LTL Freight Quotes – Worldwide Express Edition: from n/a through 5.0.20. | |||||
| CVE-2024-27190 | 1 Jeandaviddaviet | 1 Download Media | 2025-02-14 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in Jean-David Daviet Download Media.This issue affects Download Media: from n/a through 1.4.2. | |||||
| CVE-2025-24692 | 2025-02-14 | N/A | 7.1 HIGH | ||
| Missing Authorization vulnerability in Michael Revellin-Clerc Bulk Menu Edit allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Bulk Menu Edit: from n/a through 1.3. | |||||
| CVE-2025-23771 | 2025-02-14 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in Murali Push Notification for Post and BuddyPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Push Notification for Post and BuddyPress: from n/a through 2.11. | |||||
| CVE-2025-23766 | 2025-02-14 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in ashamil OPSI Israel Domestic Shipments allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects OPSI Israel Domestic Shipments: from n/a through 2.6.6. | |||||
| CVE-2025-23534 | 2025-02-14 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in Mark Winiarski WPLingo allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WPLingo: from n/a through 1.1.2. | |||||
| CVE-2025-22702 | 2025-02-14 | N/A | 6.3 MEDIUM | ||
| Missing Authorization vulnerability in EPC Photography. This issue affects Photography: from n/a through 7.5.2. | |||||
| CVE-2025-22698 | 2025-02-14 | N/A | 6.3 MEDIUM | ||
| Missing Authorization vulnerability in Ability, Inc Accessibility Suite by Online ADA allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Accessibility Suite by Online ADA: from n/a through 4.16. | |||||
| CVE-2024-52500 | 2025-02-14 | N/A | 7.2 HIGH | ||
| Missing Authorization vulnerability in monetagwp Monetag Official Plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Monetag Official Plugin: from n/a through 1.1.3. | |||||
| CVE-2024-22257 | 2025-02-13 | N/A | 8.2 HIGH | ||
| In Spring Security, versions 5.7.x prior to 5.7.12, 5.8.x prior to 5.8.11, versions 6.0.x prior to 6.0.9, versions 6.1.x prior to 6.1.8, versions 6.2.x prior to 6.2.3, an application is possible vulnerable to broken access control when it directly uses the AuthenticatedVoter#vote passing a null Authentication parameter. | |||||