Export limit exceeded: 337358 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (7021 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-27437 | 2025-04-08 | 4.3 Medium | ||
| A Missing Authorization Check vulnerability exists in the Virus Scanner Interface of SAP NetWeaver Application Server ABAP. Because of this, an attacker authenticated as a non-administrative user can initiate a transaction, allowing them to access but not modify non-sensitive data without further authorization and with no effect on availability. | ||||
| CVE-2025-27435 | 2025-04-08 | 4.2 Medium | ||
| Under specific conditions and prerequisites, an unauthenticated attacker could access customer coupon codes exposed in the URL parameters of the Coupon Campaign URL in SAP Commerce. This could allow the attacker to use the disclosed coupon code, hence posing a low impact on confidentiality and integrity of the application. | ||||
| CVE-2025-2568 | 2025-04-08 | 5.3 Medium | ||
| The Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized access and modification of data due to missing capability checks on the 'vayu_blocks_get_toggle_switch_values_callback' and 'vayu_blocks_save_toggle_switch_callback' function in versions 1.0.4 to 1.2.1. This makes it possible for unauthenticated attackers to read plugin options and update any option with a key name ending in '_value'. | ||||
| CVE-2024-36246 | 1 Yokogawa Rental Lease Corporation | 2 Unifier, Unifier Cast | 2025-04-08 | 9.8 Critical |
| Missing authorization vulnerability exists in Unifier and Unifier Cast. If this vulnerability is exploited, arbitrary code may be executed with LocalSystem privilege. As a result, a malicious program may be installed, data may be altered or deleted. | ||||
| CVE-2024-53258 | 1 Autolabproject | 1 Autolab | 2025-04-07 | 5.3 Medium |
| Autolab is a course management service that enables auto-graded programming assignments. From Autolab versions v.3.0.0 onward students can download all assignments from another student, as long as they are logged in, using the download_all_submissions feature. This can allow for leakage of submissions to unauthorized users, such as downloading submissions from other students in the class, or even instructor test submissions, given they know their user IDs. This issue has been patched in commit `1aa4c769` which is not yet in a release version, but is expected to be included in version 3.0.3. Users are advised to either manually patch or to wait for version 3.0.3. As a workaround administrators can disable the feature. | ||||
| CVE-2023-38386 | 1 Ninjaforms | 1 Ninja Forms | 2025-04-07 | 7.6 High |
| Missing Authorization vulnerability in Saturday Drive Ninja Forms.This issue affects Ninja Forms: from n/a through 3.6.25. | ||||
| CVE-2025-32217 | 2025-04-07 | 5.4 Medium | ||
| Missing Authorization vulnerability in WP Messiah Ai Image Alt Text Generator for WP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ai Image Alt Text Generator for WP: from n/a through 1.0.8. | ||||
| CVE-2025-32218 | 2025-04-07 | 5.4 Medium | ||
| Missing Authorization vulnerability in RealMag777 TableOn – WordPress Posts Table Filterable allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects TableOn – WordPress Posts Table Filterable: from n/a through 1.0.4. | ||||
| CVE-2023-47826 | 1 Nicheaddons | 2 Restaurant \& Cafe Addon For Elementor, Restaurant And Cafe Addon For Elementor | 2025-04-07 | 6.5 Medium |
| Missing Authorization vulnerability in NicheAddons Restaurant & Cafe Addon for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Restaurant & Cafe Addon for Elementor: from n/a through 1.5.3. | ||||
| CVE-2025-31896 | 2025-04-07 | 6.5 Medium | ||
| Missing Authorization vulnerability in istmoplugins GetBookingsWP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GetBookingsWP: from n/a through 1.1.27. | ||||
| CVE-2025-31909 | 2025-04-07 | 7.5 High | ||
| Missing Authorization vulnerability in NotFound Apptivo Business Site CRM allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Apptivo Business Site CRM: from n/a through 5.3. | ||||
| CVE-2025-31739 | 2025-04-07 | 6.4 Medium | ||
| Missing Authorization vulnerability in Manuel Schmalstieg Minimalistic Event Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Minimalistic Event Manager: from n/a through 1.1.1. | ||||
| CVE-2025-30915 | 2025-04-07 | 6.5 Medium | ||
| Missing Authorization vulnerability in enituretechnology Small Package Quotes – Worldwide Express Edition allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Small Package Quotes – Worldwide Express Edition: from n/a through 5.2.19. | ||||
| CVE-2025-31746 | 2025-04-07 | 6.4 Medium | ||
| Missing Authorization vulnerability in Think201 Clients allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Clients: from n/a through 1.1.4. | ||||
| CVE-2025-31758 | 2025-04-07 | 6.5 Medium | ||
| Missing Authorization vulnerability in BinaryCarpenter Free Woocommerce Product Table View allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Free Woocommerce Product Table View: from n/a through 1.78. | ||||
| CVE-2025-31795 | 2025-04-07 | 6.5 Medium | ||
| Missing Authorization vulnerability in Plugin Devs Shopify to WooCommerce Migration allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Shopify to WooCommerce Migration: from n/a through 1.3.0. | ||||
| CVE-2025-30916 | 2025-04-07 | 6.5 Medium | ||
| Missing Authorization vulnerability in enituretechnology Residential Address Detection allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Residential Address Detection: from n/a through 2.5.4. | ||||
| CVE-2025-31768 | 2025-04-07 | 6.5 Medium | ||
| Missing Authorization vulnerability in OTWthemes Widget Manager Light allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Widget Manager Light: from n/a through 1.18. | ||||
| CVE-2025-31729 | 2025-04-07 | 6.5 Medium | ||
| Missing Authorization vulnerability in jeffikus WooTumblog allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WooTumblog: from n/a through 2.1.4. | ||||
| CVE-2025-31794 | 2025-04-07 | 5.4 Medium | ||
| Missing Authorization vulnerability in Web Ready Now WR Price List Manager For Woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WR Price List Manager For Woocommerce: from n/a through 1.0.8. | ||||