Total
5118 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-26657 | 2025-04-08 | N/A | 5.3 MEDIUM | ||
| SAP KMC WPC allows an unauthenticated attacker to remotely retrieve usernames by a simple parameter query which could expose sensitive information causing low impact on confidentiality of the application. This has no effect on integrity and availability. | |||||
| CVE-2024-36246 | 2025-04-08 | N/A | 9.8 CRITICAL | ||
| Missing authorization vulnerability exists in Unifier and Unifier Cast. If this vulnerability is exploited, arbitrary code may be executed with LocalSystem privilege. As a result, a malicious program may be installed, data may be altered or deleted. | |||||
| CVE-2024-53258 | 1 Autolabproject | 1 Autolab | 2025-04-07 | N/A | 5.3 MEDIUM |
| Autolab is a course management service that enables auto-graded programming assignments. From Autolab versions v.3.0.0 onward students can download all assignments from another student, as long as they are logged in, using the download_all_submissions feature. This can allow for leakage of submissions to unauthorized users, such as downloading submissions from other students in the class, or even instructor test submissions, given they know their user IDs. This issue has been patched in commit `1aa4c769` which is not yet in a release version, but is expected to be included in version 3.0.3. Users are advised to either manually patch or to wait for version 3.0.3. As a workaround administrators can disable the feature. | |||||
| CVE-2025-24181 | 1 Apple | 1 Macos | 2025-04-07 | N/A | 9.8 CRITICAL |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access protected user data. | |||||
| CVE-2023-38386 | 1 Ninjaforms | 1 Ninja Forms | 2025-04-07 | N/A | 7.6 HIGH |
| Missing Authorization vulnerability in Saturday Drive Ninja Forms.This issue affects Ninja Forms: from n/a through 3.6.25. | |||||
| CVE-2023-47826 | 1 Nicheaddons | 1 Restaurant \& Cafe Addon For Elementor | 2025-04-07 | N/A | 6.5 MEDIUM |
| Missing Authorization vulnerability in NicheAddons Restaurant & Cafe Addon for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Restaurant & Cafe Addon for Elementor: from n/a through 1.5.3. | |||||
| CVE-2025-31581 | 2025-04-07 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in Sandeep Kumar WP Video Playlist allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Video Playlist: from n/a through 1.1.2. | |||||
| CVE-2025-31896 | 2025-04-07 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in istmoplugins GetBookingsWP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GetBookingsWP: from n/a through 1.1.27. | |||||
| CVE-2025-31876 | 2025-04-07 | N/A | 5.8 MEDIUM | ||
| Missing Authorization vulnerability in gunnarpayday Payday allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Payday: from n/a through 3.3.12. | |||||
| CVE-2025-30916 | 2025-04-07 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in enituretechnology Residential Address Detection allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Residential Address Detection: from n/a through 2.5.4. | |||||
| CVE-2025-31746 | 2025-04-07 | N/A | 6.4 MEDIUM | ||
| Missing Authorization vulnerability in Think201 Clients allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Clients: from n/a through 1.1.4. | |||||
| CVE-2025-31758 | 2025-04-07 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in BinaryCarpenter Free Woocommerce Product Table View allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Free Woocommerce Product Table View: from n/a through 1.78. | |||||
| CVE-2025-30915 | 2025-04-07 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in enituretechnology Small Package Quotes – Worldwide Express Edition allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Small Package Quotes – Worldwide Express Edition: from n/a through 5.2.19. | |||||
| CVE-2025-3150 | 2025-04-07 | 5.0 MEDIUM | 4.3 MEDIUM | ||
| A vulnerability was found in itning Student Homework Management System up to 1.2.7. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Multiple endpoints might be affected. | |||||
| CVE-2025-31794 | 2025-04-07 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in Web Ready Now WR Price List Manager For Woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WR Price List Manager For Woocommerce: from n/a through 1.0.8. | |||||
| CVE-2025-31909 | 2025-04-07 | N/A | 7.5 HIGH | ||
| Missing Authorization vulnerability in NotFound Apptivo Business Site CRM allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Apptivo Business Site CRM: from n/a through 5.3. | |||||
| CVE-2025-31729 | 2025-04-07 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in jeffikus WooTumblog allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WooTumblog: from n/a through 2.1.4. | |||||
| CVE-2025-31795 | 2025-04-07 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in Plugin Devs Shopify to WooCommerce Migration allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Shopify to WooCommerce Migration: from n/a through 1.3.0. | |||||
| CVE-2025-31736 | 2025-04-07 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in richtexteditor Rich Text Editor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Rich Text Editor: from n/a through 1.0.1. | |||||
| CVE-2025-31858 | 2025-04-07 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in matthewrubin Local Magic allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Local Magic: from n/a through 2.6.0. | |||||