Total
6616 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-58785 | 2025-09-05 | 5.4 Medium | ||
| Missing Authorization vulnerability in jbhovik Ray Enterprise Translation allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ray Enterprise Translation: from n/a through 1.7.1. | ||||
| CVE-2025-3124 | 1 Github | 1 Enterprise Server | 2025-09-05 | 4.3 Medium |
| A missing authorization vulnerability was identified in GitHub Enterprise Server that allowed a user to see the names of private repositories that they wouldn't otherwise have access to in the Security Overview in GitHub Advanced Security. The Security Overview was required to be filtered only using the `archived:` filter and all other access controls were functioning normally. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.17 and was fixed in versions 3.13.14, 3.14.11, 3.15.6, and 3.16.2. | ||||
| CVE-2024-54679 | 1 Cyberpanel | 1 Cyberpanel | 2025-09-05 | 4.3 Medium |
| CyberPanel (aka Cyber Panel) before 6778ad1 does not require the FilemanagerAdmin capability for restartMySQL actions. | ||||
| CVE-2025-52554 | 1 N8n | 1 N8n | 2025-09-04 | 4.3 Medium |
| n8n is a workflow automation platform. Prior to version 1.99.1, an authorization vulnerability was discovered in the /rest/executions/:id/stop endpoint of n8n. An authenticated user can stop workflow executions that they do not own or that have not been shared with them, leading to potential business disruption. This issue has been patched in version 1.99.1. A workaround involves restricting access to the /rest/executions/:id/stop endpoint via reverse proxy or API gateway. | ||||
| CVE-2025-9747 | 1 Benjaminjonard | 1 Koillection | 2025-09-04 | 4.3 Medium |
| A vulnerability has been found in Koillection up to 1.6.18. Affected is an unknown function of the file assets/controllers/csrf_protection_controller.js. Such manipulation leads to cross-site request forgery. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.7.0 is able to address this issue. The name of the patch is 9ab8562d3f1e953da93fed63f9ee802c7ea26a9a. It is suggested to upgrade the affected component. The vendor explains: "I ended up switching to a newer CSRF handling using stateless token." | ||||
| CVE-2025-22439 | 1 Google | 1 Android | 2025-09-04 | 7.3 High |
| In onLastAccessedStackLoaded of ActionHandler.java , there is a possible way to bypass storage restrictions across apps due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | ||||
| CVE-2025-3701 | 1 Wordpress | 1 Wordpress | 2025-09-04 | 4.3 Medium |
| Missing Authorization vulnerability in Malcure Web Security Malcure Malware Scanner allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Malcure Malware Scanner: from n/a through 16.8. | ||||
| CVE-2025-9219 | 1 Wordpress | 1 Wordpress | 2025-09-04 | 4.3 Medium |
| The Post SMTP – WP SMTP Plugin with Email Logs and Mobile App for Failure Notifications – Gmail SMTP, Office 365, Brevo, Mailgun, Amazon SES and more plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_post_smtp_pro_option_callback' function in all versions up to, and including, 3.4.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to enable pro extensions. | ||||
| CVE-2025-58603 | 2 Surfer, Wordpress | 2 Surfer Plugin, Wordpress | 2025-09-04 | 5.3 Medium |
| Missing Authorization vulnerability in Surfer Surfer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Surfer: from n/a through 1.6.4.574. | ||||
| CVE-2025-58594 | 2 Brizy, Wordpress | 2 Brizy, Wordpress | 2025-09-04 | 4.3 Medium |
| Missing Authorization vulnerability in themefusecom Brizy allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Brizy: from n/a through 2.7.12. | ||||
| CVE-2025-58634 | 1 Wordpress | 1 Wordpress | 2025-09-04 | 5.3 Medium |
| Missing Authorization vulnerability in peachpay PeachPay Payments allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PeachPay Payments: from n/a through 1.117.4. | ||||
| CVE-2025-58601 | 2 Radiustheme, Wordpress | 2 Classified Listing, Wordpress | 2025-09-04 | 4.3 Medium |
| Missing Authorization vulnerability in RadiusTheme Classified Listing allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Classified Listing: from n/a through 5.0.6. | ||||
| CVE-2025-58639 | 2 Contact Form By Mega Forms Project, Wordpress | 2 Contact Form By Mega Forms, Wordpress | 2025-09-04 | 5.4 Medium |
| Missing Authorization vulnerability in Ali Khallad Contact Form By Mega Forms allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Contact Form By Mega Forms: from n/a through 1.6.1. | ||||
| CVE-2025-8268 | 1 Wordpress | 1 Wordpress | 2025-09-04 | 6.5 Medium |
| The AI Engine plugin for WordPress is vulnerable to unauthorized access and loss of data due to a missing capability check on the rest_list and delete_files functions in all versions up to, and including, 2.9.5. This makes it possible for unauthenticated attackers to list and delete files uploaded by other users. | ||||
| CVE-2025-58616 | 1 Wordpress | 1 Wordpress | 2025-09-04 | 6.5 Medium |
| Missing Authorization vulnerability in Frisbii Frisbii Pay allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Frisbii Pay: from n/a through 1.8.2.1. | ||||
| CVE-2025-58613 | 1 Wordpress | 1 Wordpress | 2025-09-04 | 5.3 Medium |
| Missing Authorization vulnerability in Barn2 Plugins Posts Table with Search & Sort allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Posts Table with Search & Sort: from n/a through 1.4.10. | ||||
| CVE-2025-58617 | 1 Wordpress | 1 Wordpress | 2025-09-04 | 4.3 Medium |
| Missing Authorization vulnerability in FAKTOR VIER F4 Media Taxonomies allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects F4 Media Taxonomies: from n/a through 1.1.4. | ||||
| CVE-2025-58599 | 2 Tychesoftwares, Wordpress | 2 Order Delivery Date For Woocommerce, Wordpress | 2025-09-04 | 4.3 Medium |
| Missing Authorization vulnerability in tychesoftwares Order Delivery Date for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Order Delivery Date for WooCommerce: from n/a through 4.1.0. | ||||
| CVE-2025-58606 | 2 Cozythemes, Wordpress | 2 Saaslauncher, Wordpress | 2025-09-04 | 5 Medium |
| Missing Authorization vulnerability in CozyThemes SaasLauncher allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SaasLauncher: from n/a through 1.3.0. | ||||
| CVE-2025-58622 | 2 Wordpress, Yydevelopment | 2 Wordpress, Mobile Contact Line Plugin | 2025-09-04 | 4.3 Medium |
| Missing Authorization vulnerability in yydevelopment Mobile Contact Line allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Mobile Contact Line: from n/a through 2.4.0. | ||||