Total: 5500 CVE

CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2025-24403 | 1 Jenkins | 1 Azure Service Fabric | 2025-10-03 | 4.3 Medium |
A missing permission check in Jenkins Azure Service Fabric Plugin 1.6 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of Azure credentials stored in Jenkins. | ||||
CVE-2024-39824 | 1 Zoom | 6 Meeting Software Development Kit, Rooms, Rooms Controller and 3 more | 2025-10-02 | 4.9 Medium |
Missing authorization in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access. | ||||
CVE-2024-39823 | 1 Zoom | 6 Meeting Software Development Kit, Rooms, Rooms Controller and 3 more | 2025-10-02 | 4.9 Medium |
Missing authorization in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access. | ||||
CVE-2020-36852 | 2 Custom Searchable Data Entry System Project, Wordpress | 2 Custom Searchable Data Entry System, Wordpress | 2025-10-02 | 9.1 Critical |
The Custom Searchable Data Entry System plugin for WordPress is vulnerable to unauthenticated database wiping in versions up to, and including 1.7.1, due to a missing capability check and lack of sufficient validation on the ghazale_sds_delete_entries_table_row() function. This makes it possible for unauthenticated attackers to completely wipe database tables such as wp_users. | ||||
CVE-2025-59474 | 1 Jenkins | 1 Jenkins | 2025-10-02 | 5.3 Medium |
Jenkins 2.527 and earlier, LTS 2.516.2 and earlier does not perform a permission check in the sidepanel of a page intentionally accessible to users lacking Overall/Read permission, allowing attackers without Overall/Read permission to list agent names through its sidepanel executors widget. | ||||
CVE-2025-59475 | 1 Jenkins | 1 Jenkins | 2025-10-02 | 4.3 Medium |
Jenkins 2.527 and earlier, LTS 2.516.2 and earlier does not perform a permission check for the authenticated user profile dropdown menu, allowing attackers without Overall/Read permission to obtain limited information about the Jenkins configuration by listing available options in this menu (e.g., whether Credentials Plugin is installed). | ||||
CVE-2025-40837 | 1 Ericsson | 2 Indoor Connect 8855, Indoor Connect 8855 Firmware | 2025-10-02 | 8.8 High |
Ericsson Indoor Connect 8855 contains a missing authorization vulnerability which if exploited can allow access to the system as a user with higher privileges than intended. | ||||
CVE-2025-46745 | | | 2025-10-02 | 6.5 Medium |
An authenticated user without user-management permissions could view other users' account information. | ||||
CVE-2025-58009 | 2 Cp Multi View Event Calendar Project, Wordpress | 2 Cp Multi View Event Calendar, Wordpress | 2025-09-30 | 3.8 Low |
Missing Authorization vulnerability in codepeople CP Multi View Event Calendar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CP Multi View Event Calendar: from n/a through 1.4.32. | ||||
CVE-2025-5692 | 1 Smackcoders | 1 Lead Form Data Collection To Crm | 2025-09-30 | 6.3 Medium |
The Lead Form Data Collection to CRM plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in the ~/includes/LB_admin_ajax.php file in all versions up to, and including, 3.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform several actions like updating settings. Initially this CVE was assigned specifically to all AJAX actions and the doFieldAjaxAction() function, however it was determined that CVE-2025-47690 is assigned to the doFieldAjaxAction() function that leads to arbitrary options updates. | ||||
CVE-2025-58029 | 1 Wordpress | 1 Wordpress | 2025-09-30 | 5.3 Medium |
Missing Authorization vulnerability in Sumit Singh Classic Widgets with Block-based Widgets allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Classic Widgets with Block-based Widgets: from n/a through 1.0.1. | ||||
CVE-2021-39810 | 1 Google | 1 Android | 2025-09-30 | 7.8 High |
In verifyDefaults of CardEmulationManager.java, there is a possible way to set a third party app as the default contactless payment app without user consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
CVE-2025-59011 | 1 Wordpress | 1 Wordpress | 2025-09-30 | 7.5 High |
Missing Authorization vulnerability in shinetheme Traveler allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Traveler: from n/a through n/a. | ||||
CVE-2025-58919 | 1 Wordpress | 1 Wordpress | 2025-09-29 | 5.3 Medium |
Missing Authorization vulnerability in guihom Wide Banner allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Wide Banner: from n/a through 1.0.4. | ||||
CVE-2025-60094 | 1 Wordpress | 1 Wordpress | 2025-09-29 | 4.3 Medium |
Missing Authorization vulnerability in Benjamin Intal Stackable allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Stackable: from n/a through 3.18.1. | ||||
CVE-2025-60096 | 3 Codexthemes, Elementor, Wordpress | 3 Thegem, Elementor, Wordpress | 2025-09-29 | 5.4 Medium |
Missing Authorization vulnerability in CodexThemes TheGem (Elementor) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects TheGem (Elementor): from n/a through 5.10.5. | ||||
CVE-2025-60097 | 2 Codexthemes, Wordpress | 2 Thegem, Wordpress | 2025-09-29 | 5.4 Medium |
Missing Authorization vulnerability in CodexThemes TheGem allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects TheGem: from n/a through 5.10.5. | ||||
CVE-2025-60098 | 1 Wordpress | 1 Wordpress | 2025-09-29 | 6.5 Medium |
Missing Authorization vulnerability in Jeff Farthing Theme My Login allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Theme My Login: from n/a through 7.1.12. | ||||
CVE-2025-60103 | 2 Cridio, Wordpress | 2 Listingpro, Wordpress | 2025-09-29 | 5.4 Medium |
Missing Authorization vulnerability in CridioStudio ListingPro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ListingPro: from n/a through 2.9.8. | ||||
CVE-2024-50052 | 1 Mattermost | 2 Mattermost, Mattermost Server | 2025-09-29 | 4.3 Medium |
Mattermost versions 9.10.x <= 9.10.2, 9.11.x <= 9.11.1, 9.5.x <= 9.5.9 fail to check that the origin of the message in an integration action matches with the original post metadata which allows an authenticated user to delete an arbitrary post. |