Total
5263 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-22414 | 1 Google | 1 Android | 2025-09-05 | N/A | 7.8 HIGH |
| In FrpBypassAlertActivity of FrpBypassAlertActivity.java, there is a possible way to bypass FRP due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-48549 | 1 Google | 1 Android | 2025-09-05 | N/A | 7.8 HIGH |
| In multiple locations, there is a possible way to record audio via a background app due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-58824 | 2025-09-05 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in webriti Shk Corporate allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Shk Corporate: from n/a through 2.4.1.1. | |||||
| CVE-2025-53571 | 2025-09-05 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in VillaTheme HAPPY allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects HAPPY: from n/a through 1.0.6. | |||||
| CVE-2025-58795 | 2025-09-05 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in Payoneer Checkout Payoneer Checkout allows Content Spoofing. This issue affects Payoneer Checkout: from n/a through 3.4.0. | |||||
| CVE-2025-58816 | 2025-09-05 | N/A | 3.5 LOW | ||
| Missing Authorization vulnerability in Plugin Devs Product Carousel Slider for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Product Carousel Slider for Elementor: from n/a through 2.1.3. | |||||
| CVE-2025-54744 | 2025-09-05 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in Stylemix MasterStudy LMS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MasterStudy LMS: from n/a through 3.6.15. | |||||
| CVE-2025-58817 | 2025-09-05 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in DesertThemes SoftMe allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SoftMe: from n/a through 1.1.24. | |||||
| CVE-2025-58785 | 2025-09-05 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in jbhovik Ray Enterprise Translation allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ray Enterprise Translation: from n/a through 1.7.1. | |||||
| CVE-2025-58783 | 2025-09-05 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in gutentor Gutentor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Gutentor: from n/a through 3.5.1. | |||||
| CVE-2025-58813 | 2025-09-05 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in ThemeArile Consultstreet allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Consultstreet: from n/a through 3.0.0. | |||||
| CVE-2025-3124 | 1 Github | 1 Enterprise Server | 2025-09-05 | N/A | 4.3 MEDIUM |
| A missing authorization vulnerability was identified in GitHub Enterprise Server that allowed a user to see the names of private repositories that they wouldn't otherwise have access to in the Security Overview in GitHub Advanced Security. The Security Overview was required to be filtered only using the `archived:` filter and all other access controls were functioning normally. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.17 and was fixed in versions 3.13.14, 3.14.11, 3.15.6, and 3.16.2. | |||||
| CVE-2024-54679 | 1 Cyberpanel | 1 Cyberpanel | 2025-09-05 | N/A | 4.3 MEDIUM |
| CyberPanel (aka Cyber Panel) before 6778ad1 does not require the FilemanagerAdmin capability for restartMySQL actions. | |||||
| CVE-2021-39810 | 1 Google | 1 Android | 2025-09-04 | N/A | 7.8 HIGH |
| In verifyDefaults of CardEmulationManager.java, there is a possible way to set a third party app as the default contactless payment app without user consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-52554 | 1 N8n | 1 N8n | 2025-09-04 | N/A | 4.3 MEDIUM |
| n8n is a workflow automation platform. Prior to version 1.99.1, an authorization vulnerability was discovered in the /rest/executions/:id/stop endpoint of n8n. An authenticated user can stop workflow executions that they do not own or that have not been shared with them, leading to potential business disruption. This issue has been patched in version 1.99.1. A workaround involves restricting access to the /rest/executions/:id/stop endpoint via reverse proxy or API gateway. | |||||
| CVE-2025-9747 | 1 Benjaminjonard | 1 Koillection | 2025-09-04 | 5.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability has been found in Koillection up to 1.6.18. Affected is an unknown function of the file assets/controllers/csrf_protection_controller.js. Such manipulation leads to cross-site request forgery. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.7.0 is able to address this issue. The name of the patch is 9ab8562d3f1e953da93fed63f9ee802c7ea26a9a. It is suggested to upgrade the affected component. The vendor explains: "I ended up switching to a newer CSRF handling using stateless token." | |||||
| CVE-2025-22439 | 1 Google | 1 Android | 2025-09-04 | N/A | 7.3 HIGH |
| In onLastAccessedStackLoaded of ActionHandler.java , there is a possible way to bypass storage restrictions across apps due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | |||||
| CVE-2025-3701 | 2025-09-04 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in Malcure Web Security Malcure Malware Scanner allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Malcure Malware Scanner: from n/a through 16.8. | |||||
| CVE-2025-58210 | 2025-09-04 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in ThemeMove Makeaholic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Makeaholic: from n/a through 1.8.5. | |||||
| CVE-2025-6685 | 2025-09-04 | N/A | 8.8 HIGH | ||
| ATEN eco DC Missing Authorization Privilege Escalation Vulnerability. This vulnerability allows remote attackers to escalate privileges on affected installations of ATEN eco DC. Authentication is required to exploit this vulnerability. The specific flaw exists within the web-based interface. The issue results from the lack of validating the assigned user role when handling requests. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user. Was ZDI-CAN-26647. | |||||