Export limit exceeded: 339475 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (9844 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-30803 | 2025-03-27 | 4.3 Medium | ||
| Missing Authorization vulnerability in Greg Ross Just Writing Statistics allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Just Writing Statistics: from n/a through 5.3. | ||||
| CVE-2025-30790 | 2025-03-27 | 5.3 Medium | ||
| Missing Authorization vulnerability in alexvtn Chatbox Manager allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Chatbox Manager: from n/a through 1.2.2. | ||||
| CVE-2025-30772 | 2025-03-27 | 8.8 High | ||
| Missing Authorization vulnerability in WPClever WPC Smart Upsell Funnel for WooCommerce allows Privilege Escalation. This issue affects WPC Smart Upsell Funnel for WooCommerce: from n/a through 3.0.4. | ||||
| CVE-2025-30767 | 2025-03-27 | 5.4 Medium | ||
| Missing Authorization vulnerability in add-ons.org PDF for WPForms allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PDF for WPForms: from n/a through 5.3.0. | ||||
| CVE-2022-45435 | 1 Sailpoint | 1 Identityiq | 2025-03-27 | 6.8 Medium |
| IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p2, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p5, IdentityIQ 8.1 and all 8.1 patch levels prior to 8.1p7, IdentityIQ 8.0 and all 8.0 patch levels prior to 8.0p6, and all prior versions allow authenticated users assigned the Identity Administrator capability or any custom capability that contains the SetIdentityForwarding right to modify the work item forwarding configuration for identities other than the ones that should be allowed by Lifecycle Manager Quicklink Population configuration. | ||||
| CVE-2023-24829 | 1 Apache | 1 Iotdb | 2025-03-27 | 8.8 High |
| Incorrect Authorization vulnerability in Apache Software Foundation Apache IoTDB.This issue affects the iotdb-web-workbench component from 0.13.0 before 0.13.3. iotdb-web-workbench is an optional component of IoTDB, providing a web console of the database. This problem is fixed from version 0.13.3 of iotdb-web-workbench onwards. | ||||
| CVE-2025-2276 | 2025-03-27 | 4.3 Medium | ||
| The Ultimate Dashboard – Custom WordPress Dashboard plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handle_module_actions function in all versions up to, and including, 3.8.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to activate/deactivate plugin modules. | ||||
| CVE-2025-22770 | 2025-03-27 | 5.4 Medium | ||
| Missing Authorization vulnerability in EnvoThemes Envo Multipurpose allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Envo Multipurpose: from n/a through 1.1.6. | ||||
| CVE-2025-22670 | 2025-03-27 | 6.5 Medium | ||
| Missing Authorization vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through 1.7.2. | ||||
| CVE-2025-22629 | 2025-03-27 | 5.3 Medium | ||
| Missing Authorization vulnerability in iNET iNET Webkit allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects iNET Webkit: from n/a through 1.2.2. | ||||
| CVE-2025-22667 | 2025-03-27 | 4.3 Medium | ||
| Missing Authorization vulnerability in Creative Werk Designs Export Order, Product, Customer & Coupon for WooCommerce to Google Sheets.This issue affects Export Order, Product, Customer & Coupon for WooCommerce to Google Sheets: from n/a through 1.8.2. | ||||
| CVE-2025-22671 | 2025-03-27 | 4.3 Medium | ||
| Missing Authorization vulnerability in Leap13 Disable Elementor Editor Translation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Disable Elementor Editor Translation: from n/a through 1.0.2. | ||||
| CVE-2025-22647 | 2025-03-27 | 4.3 Medium | ||
| Missing Authorization vulnerability in smackcoders AIO Performance Profiler, Monitor, Optimize, Compress & Debug allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AIO Performance Profiler, Monitor, Optimize, Compress & Debug: from n/a through 1.2. | ||||
| CVE-2025-22668 | 2025-03-27 | 6.5 Medium | ||
| Missing Authorization vulnerability in AwesomeTOGI Awesome Event Booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Awesome Event Booking: from n/a through 2.7.2. | ||||
| CVE-2025-30581 | 2025-03-27 | 5.3 Medium | ||
| Missing Authorization vulnerability in PluginOps Top Bar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Top Bar: from n/a through 3.3. | ||||
| CVE-2023-50811 | 1 Seling | 1 Visual Access Manager | 2025-03-27 | 6.5 Medium |
| An issue discovered in SELESTA Visual Access Manager 4.38.6 allows attackers to modify the “computer” POST parameter related to the ID of a specific reception by POST HTTP request interception. Iterating that parameter, it has been possible to access to the application and take control of many other receptions in addition the assigned one. | ||||
| CVE-2023-6821 | 1 Bestwebsoft | 1 Error Log Viewer | 2025-03-27 | 6.5 Medium |
| The Error Log Viewer by BestWebSoft WordPress plugin before 1.1.3 is affected by a Directory Listing issue, allowing users to read and download PHP logs without authorization | ||||
| CVE-2025-25274 | 1 Mattermost | 1 Mattermost Server | 2025-03-27 | 4.3 Medium |
| Mattermost versions 10.4.x <= 10.4.2, 10.3.x <= 10.3.3, 9.11.x <= 9.11.8 fail to restrict command execution in archived channels, which allows authenticated users to run commands in archived channels. | ||||
| CVE-2025-27715 | 1 Mattermost | 1 Mattermost Server | 2025-03-27 | 3.3 Low |
| Mattermost versions 9.11.x <= 9.11.8 fail to prompt for explicit approval before adding a team admin to a private channel, which team admins to joining private channels via crafted permalink links without explicit consent from them. | ||||
| CVE-2025-27933 | 1 Mattermost | 1 Mattermost Server | 2025-03-27 | 5.4 Medium |
| Mattermost versions 10.4.x <= 10.4.2, 10.3.x <= 10.3.3, 9.11.x <= 9.11.8 fail to fail to enforce channel conversion restrictions, which allows members with permission to convert public channels to private ones to also convert private ones to public | ||||