Total
6172 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-8796 | 2 Litmus Project, Litmuschaos | 2 Litmus, Litmus | 2025-09-02 | 5.4 Medium |
| A vulnerability has been found in LitmusChaos Litmus up to 3.19.0 and classified as problematic. This vulnerability affects unknown code of the file /auth/delete_project/ of the component Delete Request Handler. The manipulation of the argument projectID leads to missing authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-8814 | 2 Atjiu, Pybbs Project | 2 Pybbs, Pybbs | 2025-09-02 | 4.3 Medium |
| A vulnerability was found in atjiu pybbs up to 6.0.0 and classified as problematic. This issue affects the function setCookie of the file src/main/java/co/yiiu/pybbs/util/CookieUtil.java. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The patch is named 8aa2bb1aef3346e49aec6358edf5e47ce905ae7b. It is recommended to apply a patch to fix this issue. | ||||
| CVE-2025-31691 | 1 Oauth2 Server Project | 1 Oauth2 Server | 2025-09-02 | 9.8 Critical |
| Missing Authorization vulnerability in Drupal OAuth2 Server allows Forceful Browsing.This issue affects OAuth2 Server: from 0.0.0 before 2.1.0. | ||||
| CVE-2024-13303 | 1 Download All Files Project | 1 Download All Files | 2025-09-02 | 5.3 Medium |
| Missing Authorization vulnerability in Drupal Download All Files allows Forceful Browsing.This issue affects Download All Files: from 0.0.0 before 2.0.2. | ||||
| CVE-2025-0086 | 1 Google | 1 Android | 2025-09-02 | 6.2 Medium |
| In onResult of AccountManagerService.java, there is a possible way to overwrite auth token due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-2246 | 1 Gitlab | 1 Gitlab | 2025-09-02 | 5.8 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions before 18.1.5, 18.2 before 18.2.5, and 18.3 before 18.3.1 that could have allowed unauthenticated users to access sensitive manual CI/CD variables by querying the GraphQL API. | ||||
| CVE-2025-49402 | 2025-08-29 | 6.5 Medium | ||
| Missing Authorization vulnerability in favethemes Houzez CRM allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Houzez CRM: from n/a through 1.4.7. | ||||
| CVE-2025-53337 | 1 Wordpress | 1 Wordpress | 2025-08-29 | 5.4 Medium |
| Missing Authorization vulnerability in Ashan Perera LifePress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects LifePress: from n/a through 2.1.3. | ||||
| CVE-2025-54734 | 2 Bplugins, Wordpress | 2 B Slider, Wordpress | 2025-08-29 | 5.8 Medium |
| Missing Authorization vulnerability in bPlugins B Slider allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects B Slider: from n/a through 1.1.30. | ||||
| CVE-2025-54733 | 2025-08-29 | 6.5 Medium | ||
| Missing Authorization vulnerability in Miles All Bootstrap Blocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects All Bootstrap Blocks: from n/a through 1.3.28. | ||||
| CVE-2025-54714 | 2 Dylanjames, Wordpress | 2 Zephyr Project Manager, Wordpress | 2025-08-29 | 7.1 High |
| Missing Authorization vulnerability in Dylan James Zephyr Project Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Zephyr Project Manager: from n/a through 3.3.201. | ||||
| CVE-2025-54710 | 2 Bplugins, Wordpress | 2 Tiktok Feed Plugin, Wordpress | 2025-08-29 | 7.1 High |
| Missing Authorization vulnerability in bPlugins Tiktok Feed allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Tiktok Feed: from n/a through 1.0.21. | ||||
| CVE-2025-53230 | 2 Elementor, Wordpress | 2 Elementor, Wordpress | 2025-08-29 | 7.6 High |
| Missing Authorization vulnerability in honzat Page Manager for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Page Manager for Elementor: from n/a through 2.0.5. | ||||
| CVE-2025-58192 | 2 Wordpress, Xylus Themes | 2 Wordpress, Wp Bulk Delete | 2025-08-29 | 4.3 Medium |
| Missing Authorization vulnerability in Xylus Themes WP Bulk Delete allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Bulk Delete: from n/a through 1.3.6. | ||||
| CVE-2025-48327 | 1 Wordpress | 1 Wordpress | 2025-08-29 | 5.3 Medium |
| Missing Authorization vulnerability in inkthemes WP Mailgun SMTP allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WP Mailgun SMTP: from n/a through 1.0.7. | ||||
| CVE-2025-58201 | 2 Aftership & Automizely, Wordpress | 2 Aftership Tracking, Wordpress | 2025-08-29 | 5.3 Medium |
| Missing Authorization vulnerability in AfterShip & Automizely AfterShip Tracking allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects AfterShip Tracking: from n/a through 1.17.17. | ||||
| CVE-2025-58198 | 2 Wordpress, Xpro | 2 Wordpress, Theme Builder | 2025-08-29 | 6.5 Medium |
| Missing Authorization vulnerability in Xpro Xpro Theme Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Xpro Theme Builder: from n/a through 1.2.9. | ||||
| CVE-2025-58193 | 2 Uncannyowl, Wordpress | 2 Uncanny Automator, Wordpress | 2025-08-29 | 4.3 Medium |
| Missing Authorization vulnerability in Uncanny Owl Uncanny Automator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Uncanny Automator: from n/a through 6.7.0.1. | ||||
| CVE-2025-48350 | 1 Wordpress | 1 Wordpress | 2025-08-29 | 4.3 Medium |
| Missing Authorization vulnerability in Neuralabz LTD AutoWP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AutoWP: from n/a through 2.2.2. | ||||
| CVE-2025-0951 | 2 Liquidthemes, Wordpress | 4 Ai Hub, Archub, Hub and 1 more | 2025-08-29 | 4.3 Medium |
| Multiple plugins and/or themes for WordPress by LiquidThemes are vulnerable to unauthorized access due to a missing capability check on the liquid_reset_wordpress_before AJAX in various versions. This makes it possible for authenticated attackers, with Subscriber-level access and above, to deactivate all of a site's plugins. While we escalated this to Envato after not being able to establish contact, it appears the developer added a nonce check, however that is not sufficient protection as the nonce is exposed to all users with access to the dashboard. | ||||