Total
5241 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-49829 | 1 Cyberark | 1 Conjur | 2025-09-11 | N/A | 6.5 MEDIUM |
| Conjur provides secrets management and application identity for infrastructure. Missing validations in Secrets Manager, Self-Hosted allows authenticated attackers to inject resources into the database and to bypass permission checks. This issue affects Secrets Manager, Self-Hosted (formerly Conjur Enterprise) prior to versions 13.5.1 and 13.6.1 and Conjur OSS prior to version 1.22.1. Conjur OSS version 1.22.1 and Secrets Manager, Self-Hosted versions 13.5.1 and 13.6.1 fix the issue. | |||||
| CVE-2025-53348 | 2025-09-11 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in Laborator Kalium. This issue affects Kalium: from n/a through 3.18.3. | |||||
| CVE-2025-39553 | 2025-09-11 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in andy_moyle Church Admin. This issue affects Church Admin: from n/a through 5.0.9. | |||||
| CVE-2025-39541 | 2025-09-11 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in Roland Murg WP Simple Booking Calendar. This issue affects WP Simple Booking Calendar: from n/a through 2.0.13. | |||||
| CVE-2025-53291 | 2025-09-11 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in spoddev2021 Spreadconnect. This issue affects Spreadconnect: from n/a through 2.1.5. | |||||
| CVE-2025-49860 | 2025-09-11 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in Majestic Support Majestic Support. This issue affects Majestic Support: from n/a through 1.1.0. | |||||
| CVE-2025-53340 | 2025-09-11 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in awesomesupport Awesome Support. This issue affects Awesome Support: from n/a through 6.3.4. | |||||
| CVE-2025-58753 | 2025-09-11 | N/A | N/A | ||
| Copyparty is a portable file server. In versions prior to 1.19.8, there was a missing permission-check in the shares feature (the `shr` global-option). When a share was created for just one file inside a folder, it was possible to access the other files inside that folder by guessing the filenames. It was not possible to descend into subdirectories in this manner; only the sibling files were accessible. This issue did not affect filekeys or dirkeys. Version 1.19.8 fixes the issue. | |||||
| CVE-2025-58976 | 2025-09-11 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in Equalize Digital Accessibility Checker by Equalize Digital allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Accessibility Checker by Equalize Digital: from n/a through 1.31.0. | |||||
| CVE-2025-58981 | 2025-09-11 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in Equalize Digital Accessibility Checker by Equalize Digital allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Accessibility Checker by Equalize Digital: from n/a through 1.31.0. | |||||
| CVE-2025-58980 | 2025-09-11 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in recorp Export WP Page to Static HTML/CSS allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Export WP Page to Static HTML/CSS: from n/a through 4.1.0. | |||||
| CVE-2025-59005 | 2025-09-11 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in frenify Categorify allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Categorify: from n/a through 1.0.7.5. | |||||
| CVE-2025-58978 | 2025-09-11 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in WP Swings PDF Generator for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PDF Generator for WordPress: from n/a through 1.5.4. | |||||
| CVE-2025-58979 | 2025-09-11 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in BerqWP BerqWP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects BerqWP: from n/a through 2.2.53. | |||||
| CVE-2025-9979 | 2025-09-11 | N/A | 4.3 MEDIUM | ||
| The Maspik plugin for WordPress is vulnerable to Missing Authorization in version 2.5.6 and prior. This is due to missing capability checks on the Maspik_spamlog_download_csv function. This makes it possible for authenticated attackers, with subscriber-level access and above, to export and download the spam log database containing blocked submission attempts, which may include misclassified but legitimate submissions with sensitive data. | |||||
| CVE-2025-8423 | 2025-09-11 | N/A | 5.4 MEDIUM | ||
| The My WP Translate plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the mtswpt_remove_plugin() and ajax_update_export_code() functions in all versions up to, and including, 1.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read and delete arbitrary WordPress options which can cause a denial of service. | |||||
| CVE-2025-8778 | 2025-09-11 | N/A | 4.3 MEDIUM | ||
| The NitroPack plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the nitropack_set_compression_ajax() function in all versions up to, and including, 1.18.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the nitropack-enableCompression option and effectively change plugin compression settings. | |||||
| CVE-2025-10040 | 2025-09-11 | N/A | 7.7 HIGH | ||
| The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_ftp_details' AJAX action in all versions up to, and including, 7.27. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve a configured set of SFTP/FTP credentials. | |||||
| CVE-2025-8425 | 2025-09-11 | N/A | 8.8 HIGH | ||
| The My WP Translate plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ajax_import_strings() function in all versions up to, and including, 1.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. | |||||
| CVE-2025-0763 | 2025-09-11 | N/A | 4.3 MEDIUM | ||
| The Ultimate Classified Listings plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_custom_fields function in all versions up to, and including, 1.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change plugin custom fields. | |||||