Total
5660 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-58681 | 2025-09-22 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in Jürgen Müller Easy Quotes allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Easy Quotes: from n/a through 1.2.4. | |||||
| CVE-2025-58221 | 2025-09-22 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in ONTRAPORT PilotPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PilotPress: from n/a through 2.0.35. | |||||
| CVE-2025-58668 | 2025-09-22 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in VibeThemes WPLMS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WPLMS : from n/a through 4.970. | |||||
| CVE-2025-58680 | 2025-09-22 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in gutentor Gutentor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Gutentor: from n/a through 3.5.2. | |||||
| CVE-2025-59559 | 2025-09-22 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in payrexx Payrexx Payment Gateway for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Payrexx Payment Gateway for WooCommerce: from n/a through 3.1.5. | |||||
| CVE-2025-59561 | 2025-09-22 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in hashthemes Smart Blocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Smart Blocks: from n/a through 2.4. | |||||
| CVE-2025-58004 | 2025-09-22 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in SmartDataSoft DriCub allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects DriCub: from n/a through 2.9. | |||||
| CVE-2025-58666 | 2025-09-22 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in Kommo Website Chat Button: Kommo integration allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Website Chat Button: Kommo integration: from n/a through 1.3.1. | |||||
| CVE-2025-58678 | 2025-09-22 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in PickPlugins Accordion allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Accordion: from n/a through 2.3.14. | |||||
| CVE-2025-58957 | 2025-09-22 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in Vikas Ratudi VPSUForm allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects VPSUForm: from n/a through 3.2.20. | |||||
| CVE-2025-58663 | 2025-09-22 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in Themeum Qubely allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Qubely: from n/a through 1.8.14. | |||||
| CVE-2025-58650 | 2025-09-22 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in Syed Balkhi All In One SEO Pack allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects All In One SEO Pack: from n/a through 4.8.7. | |||||
| CVE-2025-58664 | 2025-09-22 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in Azizul Hasan Text To Speech TTS Accessibility allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Text To Speech TTS Accessibility: from n/a through 1.9.20. | |||||
| CVE-2025-58029 | 2025-09-22 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in Sumit Singh Classic Widgets with Block-based Widgets allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Classic Widgets with Block-based Widgets: from n/a through 1.0.1. | |||||
| CVE-2025-58672 | 2025-09-22 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in Tareq Hasan WP User Frontend allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP User Frontend: from n/a through 4.1.11. | |||||
| CVE-2024-49357 | 1 Zimaspace | 1 Zimaos | 2025-09-22 | N/A | 7.5 HIGH |
| ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.2.4 and all prior versions, the API endpoints in ZimaOS, such as `http://<Server-IP>/v1/users/image?path=/var/lib/casaos/1/app_order.json` and `http://<Server-IP>/v1/users/image?path=/var/lib/casaos/1/system.json`, expose sensitive data like installed applications and system information without requiring any authentication or authorization. This sensitive data leak can be exploited by attackers to gain detailed knowledge about the system setup, installed applications, and other critical information. As of time of publication, no known patched versions are available. | |||||
| CVE-2025-9076 | 1 Mattermost | 1 Mattermost Server | 2025-09-20 | N/A | 6.5 MEDIUM |
| Mattermost versions 10.10.x <= 10.10.1 fail to properly sanitize user data during shared channel membership synchronization, which allows malicious or compromised remote clusters to access sensitive user information via unsanitized user objects. This vulnerability affects Mattermost Server instances with shared channels enabled. | |||||
| CVE-2025-8487 | 2025-09-19 | N/A | 5.4 MEDIUM | ||
| The Kubio AI Page Builder plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the kubio-image-hub-install-plugin AJAX action in all versions up to, and including, 2.6.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install the Image Hub plugin. | |||||
| CVE-2025-10690 | 2025-09-19 | N/A | 9.8 CRITICAL | ||
| The Goza - Nonprofit Charity WordPress Theme theme for WordPress is vulnerable to unauthorized arbitrary file uploads due to a missing capability check on the 'beplus_import_pack_install_plugin' function in all versions up to, and including, 3.2.2. This makes it possible for unauthenticated attackers to upload zip files containing webshells disguised as plugins from remote locations to achieve remote code execution. | |||||
| CVE-2025-7665 | 2025-09-19 | N/A | 8.1 HIGH | ||
| The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the 'handle_mofirebase_form_options' function in versions 3.1.0 to 3.6.2. This makes it possible for unauthenticated attackers to update the default role to Administrator. Premium features must be enabled in order to exploit the vulnerability. | |||||