Total
6630 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-32684 | 2025-04-09 | N/A | 5.0 MEDIUM | ||
| Missing Authorization vulnerability in RomanCode MapSVG Lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MapSVG Lite: from n/a through 8.5.32. | |||||
| CVE-2025-31012 | 2025-04-09 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in Phil Age Gate allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Age Gate: from n/a through 3.5.4. | |||||
| CVE-2025-31004 | 2025-04-09 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in Croover.inc Rich Table of Contents allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Rich Table of Contents: from n/a through 1.4.0. | |||||
| CVE-2025-32624 | 2025-04-09 | N/A | 7.1 HIGH | ||
| Missing Authorization vulnerability in czater Czater.pl – live chat i telefon allows Cross Site Request Forgery. This issue affects Czater.pl – live chat i telefon: from n/a through 1.0.5. | |||||
| CVE-2022-4102 | 1 Royal-elementor-addons | 1 Royal Elementor Addons | 2025-04-09 | N/A | 3.1 LOW |
| The Royal Elementor Addons WordPress plugin before 1.3.56 does not have authorization and CSRF checks when deleting a template and does not ensure that the post to be deleted is a template. This could allow any authenticated users, such as subscribers, to delete arbitrary posts assuming they know the related slug. | |||||
| CVE-2022-3923 | 1 Activecampaign | 1 Activecampaign For Woocommerce | 2025-04-09 | N/A | 4.3 MEDIUM |
| The ActiveCampaign for WooCommerce WordPress plugin before 1.9.8 does not have authorisation check when cleaning up its error logs via an AJAX action, which could allow any authenticated users, such as subscriber to call it and remove error logs. | |||||
| CVE-2024-53473 | 1 Wegia | 1 Wegia | 2025-04-09 | N/A | 7.5 HIGH |
| WeGIA 3.2.0 before 3998672 does not verify permission to change a password. | |||||
| CVE-2023-39993 | 1 Wpmet | 1 Elements Kit Elementor Addons | 2025-04-09 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in Wpmet Elements kit Elementor addons.This issue affects Elements kit Elementor addons: from n/a through 2.9.0. | |||||
| CVE-2022-4103 | 1 Royal-elementor-addons | 1 Royal Elementor Addons | 2025-04-09 | N/A | 4.3 MEDIUM |
| The Royal Elementor Addons WordPress plugin before 1.3.56 does not have authorisation and CSRF checks when creating a template, and does not ensure that the post created is a template. This could allow any authenticated users, such as subscriber to create a post (as well as any post type) with an arbitrary title | |||||
| CVE-2025-28872 | 1 Jwpegram | 1 Block Spam By Math Reloaded | 2025-04-09 | N/A | 5.3 MEDIUM |
| Missing Authorization vulnerability in jwpegram Block Spam By Math Reloaded allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Block Spam By Math Reloaded: from n/a through 2.2.4. | |||||
| CVE-2009-3168 | 1 Mevin | 1 Basic Php Events Lister | 2025-04-09 | 6.5 MEDIUM | 7.2 HIGH |
| Mevin Productions Basic PHP Events Lister 2.0 does not properly restrict access to (1) admin/reset.php and (2) admin/user_add.php, which allows remote authenticated users to reset administrative passwords or add administrators via a direct request. | |||||
| CVE-2008-6548 | 1 Moinmo | 1 Moinmoin | 2025-04-09 | 5.0 MEDIUM | N/A |
| The rst parser (parser/text_rst.py) in MoinMoin 1.6.1 does not check the ACL of an included page, which allows attackers to read unauthorized include files via unknown vectors. | |||||
| CVE-2009-3781 | 1 Quicksketch | 1 Filefield | 2025-04-09 | 7.5 HIGH | N/A |
| The filefield_file_download function in FileField 6.x-3.1, a module for Drupal, does not properly check node-access permissions for Drupal core private files, which allows remote attackers to access unauthorized files via unspecified vectors. | |||||
| CVE-2009-2282 | 1 Oracle | 2 Opensolaris, Solaris | 2025-04-09 | 4.6 MEDIUM | N/A |
| The Virtual Network Terminal Server daemon (vntsd) for Logical Domains (aka LDoms) in Sun Solaris 10, and OpenSolaris snv_41 through snv_108, on SPARC platforms does not check authorization for guest console access, which allows local control-domain users to gain guest-domain privileges via unknown vectors. | |||||
| CVE-2024-33593 | 1 Rednao | 1 Smart Forms | 2025-04-08 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in RedNao Smart Forms.This issue affects Smart Forms: from n/a through 2.6.91. | |||||
| CVE-2023-49856 | 1 Rednao | 1 Smart Forms | 2025-04-08 | N/A | 8.1 HIGH |
| Missing Authorization vulnerability in RedNao Smart Forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Smart Forms: from n/a through 2.6.84. | |||||
| CVE-2025-27437 | 2025-04-08 | N/A | 4.3 MEDIUM | ||
| A Missing Authorization Check vulnerability exists in the Virus Scanner Interface of SAP NetWeaver Application Server ABAP. Because of this, an attacker authenticated as a non-administrative user can initiate a transaction, allowing them to access but not modify non-sensitive data without further authorization and with no effect on availability. | |||||
| CVE-2025-27428 | 2025-04-08 | N/A | 7.7 HIGH | ||
| Due to directory traversal vulnerability, an authorized attacker could gain access to some critical information by using RFC enabled function module. Upon successful exploitation, they could read files from any managed system connected to SAP Solution Manager, leading to high impact on confidentiality. There is no impact on integrity or availability. | |||||
| CVE-2025-32279 | 2025-04-08 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in Shahjada Live Forms. This issue affects Live Forms: from n/a through 4.8.5. | |||||
| CVE-2025-30017 | 2025-04-08 | N/A | 4.4 MEDIUM | ||
| Due to a missing authorization check, an authenticated attacker could upload a file as a template for solution documentation in SAP Solution Manager 7.1. After successful exploitation, an attacker can cause limited impact on the integrity and availability of the application. | |||||