Total
5132 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2025-31854 | | | 2025-04-01 | N/A | 4.3 MEDIUM |
Missing Authorization vulnerability in Sharaz Shahid Simple Sticky Add To Cart For WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Simple Sticky Add To Cart For WooCommerce: from n/a through 1.4.5. | |||||
CVE-2025-31868 | | | 2025-04-01 | N/A | 5.3 MEDIUM |
Missing Authorization vulnerability in JoomSky JS Job Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JS Job Manager: from n/a through 2.0.2. | |||||
CVE-2025-31834 | | | 2025-04-01 | N/A | 5.3 MEDIUM |
Missing Authorization vulnerability in themeglow JobBoard Job listing allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JobBoard Job listing: from n/a through 1.2.7. | |||||
CVE-2025-31816 | | | 2025-04-01 | N/A | 5.4 MEDIUM |
Missing Authorization vulnerability in pietro Mobile App Canvas allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Mobile App Canvas: from n/a through 3.8.1. | |||||
CVE-2025-31802 | | | 2025-04-01 | N/A | 5.4 MEDIUM |
Missing Authorization vulnerability in Shiptimize Shiptimize for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Shiptimize for WooCommerce: from n/a through 3.1.86. | |||||
CVE-2025-31799 | | | 2025-04-01 | N/A | 4.3 MEDIUM |
Missing Authorization vulnerability in publitio Publitio allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Publitio: from n/a through 2.1.8. | |||||
CVE-2025-31798 | | | 2025-04-01 | N/A | 4.3 MEDIUM |
Missing Authorization vulnerability in publitio Publitio allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Publitio: from n/a through 2.1.8. | |||||
CVE-2025-31822 | | | 2025-04-01 | N/A | 5.3 MEDIUM |
Missing Authorization vulnerability in Ashish Ajani WP Simple HTML Sitemap allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Simple HTML Sitemap: from n/a through 3.2. | |||||
CVE-2025-31831 | | | 2025-04-01 | N/A | 4.3 MEDIUM |
Missing Authorization vulnerability in Team AtomChat AtomChat allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AtomChat: from n/a through 1.1.6. | |||||
CVE-2025-2589 | 1 Code-projects | 1 Human Resource Management | 2025-04-01 | 5.2 MEDIUM | 5.5 MEDIUM |
A vulnerability was found in code-projects Human Resource Management System 1.0.1 and classified as critical. This issue affects the function Index of the file \handler\Account.go. The manipulation of the argument user_cookie leads to improper authorization. The exploit has been disclosed to the public and may be used. | |||||
CVE-2023-24459 | 1 Jenkins | 1 Bearychat | 2025-04-01 | N/A | 6.5 MEDIUM |
A missing permission check in Jenkins BearyChat Plugin 3.0.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL. | |||||
CVE-2024-28155 | 1 Jenkins | 1 Appspider | 2025-03-29 | N/A | 4.3 MEDIUM |
Jenkins AppSpider Plugin 1.0.16 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to obtain information about available scan config names, engine group names, and client names. | |||||
CVE-2023-52352 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-28 | N/A | 5.5 MEDIUM |
In Network Adapter Service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges needed. | |||||
CVE-2025-1668 | 1 Igexsolutions | 1 Wpschoolpress | 2025-03-28 | N/A | 4.3 MEDIUM |
The School Management System – WPSchoolPress plugin for WordPress is vulnerable to arbitrary user deletion due to a missing capability check on the wpsp_DeleteUser() function in all versions up to, and including, 2.2.16. This makes it possible for authenticated attackers, with teacher-level access and above, to delete arbitrary user accounts. | |||||
CVE-2025-27103 | 1 Dataease | 1 Dataease | 2025-03-28 | N/A | 6.5 MEDIUM |
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, a bypass for the patch for CVE-2024-55953 allows authenticated users to read and deserialize arbitrary files through the background JDBC connection. The vulnerability has been fixed in v2.10.6. No known workarounds are available. | |||||
CVE-2022-39811 | 1 Italtel | 1 Netmatch-s Ci | 2025-03-28 | N/A | 9.1 CRITICAL |
Italtel NetMatch-S CI 5.2.0-20211008 has incorrect Access Control under NMSCI-WebGui/advancedsettings.jsp and NMSCIWebGui/SaveFileUploader. By not verifying permissions for access to resources, it allows an attacker to view pages that are not allowed, and modify the system configuration, bypassing all controls (without checking for user identity). | |||||
CVE-2025-26733 | | | 2025-03-28 | N/A | 8.2 HIGH |
Missing Authorization vulnerability in Shinetheme Traveler. This issue affects Traveler: from n/a through 3.1.8. | |||||
CVE-2025-2815 | | | 2025-03-28 | N/A | 8.8 HIGH |
The Administrator Z plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the adminz_import_backup() function in all versions up to, and including, 2025.03.24. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. | |||||
CVE-2025-22739 | | | 2025-03-28 | N/A | 5.3 MEDIUM |
Missing Authorization vulnerability in ThimPress LearnPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects LearnPress: from n/a through 4.2.7.5. | |||||
CVE-2025-31469 | | | 2025-03-28 | N/A | 5.3 MEDIUM |
Missing Authorization vulnerability in webrangers Clear Sucuri Cache allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Clear Sucuri Cache: from n/a through 1.4. |