Total
7652 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-31338 | 2025-04-17 | N/A | ||
| A missing authorization vulnerability in the retrieve teacher Information function of Wisdom Master Pro versions 5.0 through 5.2 allows remote attackers to obtain partial user data by accessing the API functionality. | ||||
| CVE-2023-47458 | 1 Bladex | 1 Springblade | 2025-04-17 | 9.8 Critical |
| An issue in SpringBlade v.3.7.0 and before allows a remote attacker to escalate privileges via the lack of permissions control framework. | ||||
| CVE-2023-6383 | 1 Bowo | 1 Debug Log Manager | 2025-04-17 | 7.5 High |
| The Debug Log Manager WordPress plugin before 2.3.0 contains a Directory listing vulnerability was discovered, which allows you to download the debug log without authorization and gain access to sensitive data | ||||
| CVE-2022-26423 | 1 Aethon | 1 Tug Home Base Server | 2025-04-17 | 8.2 High |
| Aethon TUG Home Base Server versions prior to version 24 are affected by un unauthenticated attacker who can freely access hashed user credentials. | ||||
| CVE-2022-1070 | 1 Aethon | 1 Tug Home Base Server | 2025-04-17 | 8.2 High |
| Aethon TUG Home Base Server versions prior to version 24 are affected by un unauthenticated attacker who can freely access hashed user credentials. | ||||
| CVE-2022-1066 | 1 Aethon | 1 Tug Home Base Server | 2025-04-17 | 8.2 High |
| Aethon TUG Home Base Server versions prior to version 24 are affected by un unauthenticated attacker who can freely access hashed user credentials. | ||||
| CVE-2022-4024 | 1 Genetechsolutions | 1 Pie Register | 2025-04-17 | 6.5 Medium |
| The Registration Forms WordPress plugin before 3.8.1.3 does not have authorisation and CSRF when deleting users via an init action handler, allowing unauthenticated attackers to delete arbitrary users (along with their posts) | ||||
| CVE-2022-3961 | 1 Wpwax | 1 Directorist | 2025-04-17 | 6.5 Medium |
| The Directorist WordPress plugin before 7.4.4 does not prevent users with low privileges (like subscribers) from accessing sensitive system information. | ||||
| CVE-2023-22697 | 1 Ays-pro | 1 Survey Maker | 2025-04-17 | 5.3 Medium |
| Missing Authorization vulnerability in Survey Maker team Survey Maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Survey Maker: from n/a through 3.2.0. | ||||
| CVE-2021-43938 | 1 Smartptt | 1 Scada Server | 2025-04-16 | 8.1 High |
| Elcomplus SmartPTT SCADA Server is vulnerable to an unauthenticated user can request various files from the server without any authentication or authorization. | ||||
| CVE-2021-33013 | 1 Myscada | 1 Mypro | 2025-04-16 | 8.2 High |
| mySCADA myPRO versions prior to 8.20.0 does not restrict unauthorized read access to sensitive system information. | ||||
| CVE-2022-1521 | 1 Illumina | 8 Iseq 100, Local Run Manager, Miniseq and 5 more | 2025-04-16 | 9.1 Critical |
| LRM does not implement authentication or authorization by default. A malicious actor can inject, replay, modify, and/or intercept sensitive data. | ||||
| CVE-2024-27900 | 1 Sap | 1 Abap Platform | 2025-04-16 | 4.3 Medium |
| Due to missing authorization check, attacker with business user account in SAP ABAP Platform - version 758, 795, can change the privacy setting of job templates from shared to private. As a result, the selected template would only be accessible to the owner. | ||||
| CVE-2025-27008 | 2025-04-16 | 7.5 High | ||
| Missing Authorization vulnerability in NotFound Unlimited Timeline allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Unlimited Timeline: from n/a through n/a. | ||||
| CVE-2024-30477 | 1 Klarna | 1 Klarna For Woocommerce | 2025-04-15 | 5.3 Medium |
| Missing Authorization vulnerability in Klarna Klarna Payments for WooCommerce.This issue affects Klarna Payments for WooCommerce: from n/a through 3.2.4. | ||||
| CVE-2023-25966 | 1 Ninjateam | 1 Filebird | 2025-04-15 | 5.5 Medium |
| Missing Authorization vulnerability in Ninja Team Filebird allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Filebird: from n/a through 5.1.4. | ||||
| CVE-2022-32768 | 1 Wwbn | 1 Avideo | 2025-04-15 | 4.2 Medium |
| Multiple authentication bypass vulnerabilities exist in the objects id handling functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request by an authenticated user can lead to unauthorized access and takeover of resources. An attacker can send an HTTP request to trigger this vulnerability.This vulnerability exists in the Live Schedules plugin, allowing an attacker to bypass authentication by guessing a sequential ID, allowing them to take over the another user's streams. | ||||
| CVE-2022-32769 | 1 Wwbn | 1 Avideo | 2025-04-15 | 5.0 Medium |
| Multiple authentication bypass vulnerabilities exist in the objects id handling functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request by an authenticated user can lead to unauthorized access and takeover of resources. An attacker can send an HTTP request to trigger this vulnerability.This vulnerability exists in the Playlists plugin, allowing an attacker to bypass authentication by guessing a sequential ID, allowing them to take over the another user's playlists. | ||||
| CVE-2024-33667 | 1 Zammad | 1 Zammad | 2025-04-15 | 6.5 Medium |
| An issue was discovered in Zammad before 6.3.0. An authenticated agent could perform a remote Denial of Service attack by calling an endpoint that accepts a generic method name, which was not properly sanitized against an allowlist. | ||||
| CVE-2022-45410 | 2 Mozilla, Redhat | 8 Firefox, Firefox Esr, Thunderbird and 5 more | 2025-04-15 | 6.5 Medium |
| When a ServiceWorker intercepted a request with <code>FetchEvent</code>, the origin of the request was lost after the ServiceWorker took ownership of it. This had the effect of negating SameSite cookie protections. This was addressed in the spec and then in browsers. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107. | ||||