Total: 5660 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-64285 | | | 2025-10-30 | N/A | 5.4 MEDIUM |
| Missing Authorization vulnerability in Premmerce Premmerce Wholesale Pricing for WooCommerce premmerce-woocommerce-wholesale-pricing allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Premmerce Wholesale Pricing for WooCommerce: from n/a through <= 1.1.10. | |||||
| CVE-2025-64229 | | | 2025-10-30 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Client Invoicing by Sprout Invoices: from n/a through <= 20.8.7. | |||||
| CVE-2025-64219 | | | 2025-10-30 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in Strategy11 Team Business Directory business-directory-plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Business Directory: from n/a through <= 6.4.18. | |||||
| CVE-2025-10008 | | | 2025-10-30 | N/A | 5.3 MEDIUM |
| The Translate WordPress and go Multilingual – Weglot plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'clean_options' function in all versions up to, and including, 5.1. This makes it possible for unauthenticated attackers to delete limited transients that contain cached plugin options. | |||||
| CVE-2025-58711 | | | 2025-10-30 | N/A | 5.3 MEDIUM |
| Missing Authorization vulnerability in solwin Blog Designer PRO blog-designer-pro allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Blog Designer PRO: from n/a through <= 3.4.8. | |||||
| CVE-2025-64210 | | | 2025-10-30 | N/A | 5.4 MEDIUM |
| Missing Authorization vulnerability in StylemixThemes Masterstudy Elementor Widgets masterstudy-elementor-widgets allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Masterstudy Elementor Widgets: from n/a through <= 1.2.4. | |||||
| CVE-2025-11881 | | | 2025-10-30 | N/A | 5.3 MEDIUM |
| The AppPresser – Mobile App Framework plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'myappp_verify' function in all versions up to, and including, 4.5.0. This makes it possible for unauthenticated attackers to extract sensitive data including plugin and theme names and version numbers, which can be used to facilitate targeted attacks against outdated or vulnerable components. | |||||
| CVE-2025-11632 | | | 2025-10-30 | N/A | 4.3 MEDIUM |
| The Call Now Button – The #1 Click to Call Button for WordPress plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on multiple functions in all versions up to, and including, 1.5.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to generate links to the billing portal, where they can view and modify billing information of the connected account, generate chat session tokens, view domain status, etc. This vulnerability was partially fixed in version 1.5.4 and fully fixed in version 1.5.5. | |||||
| CVE-2025-6205 | 1 3ds | 1 Delmia Apriso | 2025-10-29 | N/A | 9.1 CRITICAL |
| A missing authorization vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could allow an attacker to gain privileged access to the application. | |||||
| CVE-2025-41443 | 1 Mattermost | 1 Mattermost Server | 2025-10-29 | N/A | 4.3 MEDIUM |
| Mattermost versions 10.5.x <= 10.5.12, 10.11.x <= 10.11.2 fail to properly validate guest user permissions when accessing channel information, which allows guest users to discover active public channels and their metadata via the `/api/v4/teams/{team_id}/channels/ids` endpoint. | |||||
| CVE-2025-9133 | 1 Zyxel | 17 Atp100, Atp100w, Atp200 and 14 more | 2025-10-28 | N/A | 8.1 HIGH |
| A missing authorization vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series firmware versions from V4.50 through V5.40, USG FLEX 50(W) series firmware versions from V4.16 through V5.40, and USG20(W)-VPN series firmware versions from V4.16 through V5.40 could allow a semi-authenticated attacker—who has completed only the first stage of the two-factor authentication (2FA) process—to view and download the system configuration from an affected device. | |||||
| CVE-2025-26370 | 1 Q-free | 1 Maxtime | 2025-10-28 | N/A | 7.1 HIGH |
| A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to remove privileges from user groups via crafted HTTP requests. | |||||
| CVE-2025-26373 | 1 Q-free | 1 Maxtime | 2025-10-28 | N/A | 6.5 MEDIUM |
| A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua (user endpoint) in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to enumerate users via crafted HTTP requests. | |||||
| CVE-2025-26377 | 1 Q-free | 1 Maxtime | 2025-10-28 | N/A | 8.1 HIGH |
| A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to remove users via crafted HTTP requests. | |||||
| CVE-2025-36361 | 1 Ibm | 1 App Connect Enterprise | 2025-10-28 | N/A | 6.3 MEDIUM |
| IBM App Connect Enterprise 13.0.1.0 through 13.0.4.2, and 12.0.1.0 through 12.0.12.17 could allow an authenticated user to perform unauthorized actions on customer defined resources due to missing authorization. | |||||
| CVE-2025-62954 | | | 2025-10-28 | N/A | 8.8 HIGH |
| Missing Authorization vulnerability in Codeinwp Revive Old Posts tweet-old-post allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Revive Old Posts: from n/a through <= 9.3.3. | |||||
| CVE-2025-62953 | | | 2025-10-28 | N/A | 8.8 HIGH |
| Missing Authorization vulnerability in nanbu Welcart e-Commerce usc-e-shop allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Welcart e-Commerce: from n/a through <= 2.11.24. | |||||
| CVE-2025-62952 | | | 2025-10-28 | N/A | 8.8 HIGH |
| Missing Authorization vulnerability in QuantumCloud ChatBot chatbot allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ChatBot: from n/a through <= 7.3.0. | |||||
| CVE-2025-62946 | | | 2025-10-28 | N/A | 8.8 HIGH |
| Missing Authorization vulnerability in everestthemes Everest Backup everest-backup allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Everest Backup: from n/a through <= 2.3.8. | |||||
| CVE-2025-62944 | | | 2025-10-28 | N/A | 9.8 CRITICAL |
| Missing Authorization vulnerability in Mark O'Donnell MSTW CSV EXPORTER mstw-csv-exporter allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MSTW CSV EXPORTER: from n/a through <= 1.4. | |||||
