Total
5585 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-48326 | 2025-09-26 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in Acclectic Media Acclectic Media Organizer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Acclectic Media Organizer: from n/a through 1.4. | |||||
| CVE-2025-60165 | 2025-09-26 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in HaruTheme Frames allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Frames: from n/a through 1.5.7. | |||||
| CVE-2025-60129 | 2025-09-26 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in Yext Yext allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Yext: from n/a through 1.1.3. | |||||
| CVE-2025-60116 | 2025-09-26 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in ThemeGoods Grand Conference Theme Custom Post Type allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Grand Conference Theme Custom Post Type: from n/a through 2.6.3. | |||||
| CVE-2025-60155 | 2025-09-26 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in loopus WP Virtual Assistant allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Virtual Assistant: from n/a through 3.0. | |||||
| CVE-2025-60143 | 2025-09-26 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in netgsm Netgsm allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Netgsm: from n/a through 2.9.58. | |||||
| CVE-2025-60127 | 2025-09-26 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in ArtistScope CopySafe Web Protection allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CopySafe Web Protection: from n/a through 4.3. | |||||
| CVE-2025-60148 | 2025-09-26 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in wpshuffle Subscribe to Download allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Subscribe to Download: from n/a through 2.0.9. | |||||
| CVE-2025-59011 | 2025-09-26 | N/A | 7.5 HIGH | ||
| Missing Authorization vulnerability in shinetheme Traveler allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Traveler: from n/a through n/a. | |||||
| CVE-2025-60152 | 2025-09-26 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in wpshuffle Subscribe To Unlock allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Subscribe To Unlock: from n/a through 1.1.5. | |||||
| CVE-2025-60128 | 2025-09-26 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in WP Delicious Delisho allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Delisho: from n/a through 1.1.3. | |||||
| CVE-2025-60130 | 2025-09-26 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in wedos.com WEDOS Global allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WEDOS Global: from n/a through 1.2.2. | |||||
| CVE-2025-54458 | 1 Mattermost | 1 Confluence | 2025-09-25 | N/A | 5.0 MEDIUM |
| Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the Confluence space which allows attackers to create a subscription for a Confluence space the user does not have access to via the create subscription endpoint. | |||||
| CVE-2025-53910 | 1 Mattermost | 1 Confluence | 2025-09-25 | N/A | 4.0 MEDIUM |
| Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the channel which allows attackers to create a channel subscription without proper access to the channel via API call to the edit channel subscription endpoint. | |||||
| CVE-2025-53857 | 1 Mattermost | 1 Confluence | 2025-09-25 | N/A | 3.7 LOW |
| Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the channel which allows attackers to get channel subscription details without proper access to the channel via API call to the GET autocomplete/GetChannelSubscriptions endpoint. | |||||
| CVE-2025-48731 | 1 Mattermost | 1 Confluence | 2025-09-25 | N/A | 6.4 MEDIUM |
| Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the Confluence space which allows attackers to edit a subscription for a Confluence space the user does not have access for via edit subscription endpoint. | |||||
| CVE-2025-44001 | 1 Mattermost | 1 Confluence | 2025-09-25 | N/A | 4.0 MEDIUM |
| Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the channel which allows attackers to get channel subscription details without proper access to the channel via API call to the Get Channel Subscriptions details endpoint. | |||||
| CVE-2025-54943 | 1 Sun.net | 1 Ehrd Ctms | 2025-09-25 | N/A | 9.8 CRITICAL |
| A missing authorization vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to perform unauthorized application deployment due to the absence of proper access control checks. | |||||
| CVE-2025-49221 | 1 Mattermost | 1 Confluence | 2025-09-24 | N/A | 3.7 LOW |
| Mattermost Confluence Plugin version <1.5.0 fails to enforce authentication of the user to the Mattermost instance which allows unauthenticated attackers to access subscription details without via API call to GET subscription endpoint. | |||||
| CVE-2025-55148 | 1 Ivanti | 4 Connect Secure, Neurons For Secure Access, Policy Secure and 1 more | 2025-09-24 | N/A | 7.6 HIGH |
| Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with read-only admin privileges to configure restricted settings. | |||||