Lucene search
+L

99 matches found

NVD
NVD
added 2025/11/19 5:15 p.m.19 views

CVE-2025-34331

AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 contain an unauthenticated file read vulnerability via the download.php script. The endpoint exposes a file download mechanism that lacks access control, allowing remote, unauthenticated users to request...

8.7CVSS0.00517EPSS
Exploits2References4
NVD
NVD
added 2025/10/17 9:15 p.m.6 views

CVE-2025-62651

The Restaurant Brands International RBI assistant platform through 2025-09-06 does not implement access control for the bathroom rating interface...

6.5CVSS0.0036EPSS
Exploits1References5
OSV
OSV
added 2025/10/17 9:15 p.m.5 views

CVE-2025-62651

The Restaurant Brands International RBI assistant platform through 2025-09-06 does not implement access control for the bathroom rating interface...

5.8CVSS5.8AI score0.0036EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-43539

Malicious code in bioql PyPI...

5.3CVSS6.5AI score0.00336EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-40164

Malicious code in bioql PyPI...

5.3CVSS6.5AI score0.00362EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/08/20 8:2 a.m.3 views

CVE-2025-54040 WordPress Webba Booking <= 5.1.20 - Broken Access Control Vulnerability

Missing Authorization vulnerability in Webba Appointment Booking Webba Booking webba-booking-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Webba Booking: from n/a through = 5.1.20...

6.5CVSS5.9AI score0.00333EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/08/14 6:21 p.m.6 views

CVE-2025-55716 WordPress WP Statistics Plugin <= 14.15 - Broken Access Control Vulnerability

Missing Authorization vulnerability in VeronaLabs WP Statistics allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Statistics: from n/a through 14.15...

4.3CVSS7.1AI score0.00194EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/06/20 3:3 p.m.13 views

CVE-2025-50034 WordPress Enhanced Blocks – Page Builder Blocks for Gutenberg plugin <= 1.4.1 - Broken Access Control Vulnerability

Missing Authorization vulnerability in Mahmudul Hasan Arif Enhanced Blocks – Page Builder Blocks for Gutenberg enhanced-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Enhanced Blocks – Page Builder Blocks for Gutenberg: from n/a through = 1.4.1...

6.5CVSS0.00269EPSS
Exploits0References1
CVE
CVE
added 2025/06/18 9:26 a.m.20 views

CVE-2025-23999

CVE-2025-23999 is a Missing Authorization / Broken Access Control vulnerability impacting the Breeze WordPress Cache Plugin (WordPress Breeze). Public sources confirm the affected range as Breeze versions up to and including 2.2.13. The underlying issue is an access-control misconfiguration that ...

4.3CVSS5.9AI score0.00234EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/06/17 3:1 p.m.3 views

CVE-2025-49872 WordPress myCred plugin <= 2.9.4.2 - Broken Access Control Vulnerability

Missing Authorization vulnerability in WPExperts.io myCred allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects myCred: from n/a through 2.9.4.2...

5.3CVSS7.1AI score0.00211EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/06/09 3:54 p.m.17 views

CVE-2025-47463 WordPress Stock Locations for WooCommerce plugin <= 2.8.6 - Broken Access Control Vulnerability

Missing Authorization vulnerability in Fahad Mahmood Stock Locations for WooCommerce stock-locations-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Stock Locations for WooCommerce: from n/a through = 2.8.6...

7.1CVSS0.00305EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/06/06 12:54 p.m.4 views

CVE-2025-29006 WordPress Direct Checkout for WooCommerce Lite plugin <= 1.0.3 - Broken Access Control Vulnerability

Missing Authorization vulnerability in centangle Direct Checkout for WooCommerce Lite woo-direct-checkout-lite allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Direct Checkout for WooCommerce Lite: from n/a through = 1.0.3...

5.3CVSS5.2AI score0.00273EPSS
Exploits0References1
CVE
CVE
added 2025/06/06 12:54 p.m.44 views

CVE-2025-30927

CVE-2025-30927 (Wordapp, WordPress): Missing Authorization due to incorrectly configured access control affects Wordapp plugin versions up to 1.7.0. CVSS 3.1/4.3 (Base 4.3; Network attack vector, Low complexity, Privileges Required: Low, No user interaction; Confidentiality impact: Low). The conn...

4.3CVSS5.9AI score0.00242EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/06/06 12:54 p.m.7 views

CVE-2025-30934 WordPress 診断ジェネレータ作成プラグイン plugin <= 1.4.16 - Broken Access Control Vulnerability

Missing Authorization vulnerability in OLIVESYSTEM 診断ジェネレータ作成プラグイン os-diagnosis-generator allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects 診断ジェネレータ作成プラグイン: from n/a through = 1.4.16...

5.3CVSS5.7AI score0.00257EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/06/06 12:53 p.m.7 views

CVE-2025-49270 WordPress WP-CRM System <= 3.4.2 - Broken Access Control Vulnerability

Missing Authorization vulnerability in Mario Peshev WP-CRM System allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WP-CRM System: from n/a through 3.4.2...

5.3CVSS7.1AI score0.00273EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/06/06 12:53 p.m.3 views

CVE-2025-49240 WordPress DocsPress plugin <= 2.5.2 - Broken Access Control Vulnerability

Missing Authorization vulnerability in nK DocsPress docspress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DocsPress: from n/a through = 2.5.2...

4.3CVSS5.1AI score0.00256EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:55 a.m.6 views

CVE-2024-21665

ecommerce-framework-bundle is the Pimcore Ecommerce Framework Bundle. An authenticated and unauthorized user can access the back-office orders list and be able to query over the information returned. Access control and permissions are not being enforced. This vulnerability has been patched in...

4.3CVSS4.5AI score0.0049EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:42 a.m.14 views

CVE-2024-37204

Missing Authorization vulnerability in PropertyHive PropertyHive allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PropertyHive: from n/a through 2.0.9...

4.3CVSS6.9AI score0.00382EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:13 p.m.4 views

CVE-2021-39916

Lack of an access control check in the External Status Check feature allowed any authenticated user to retrieve the configuration of any External Status Check in GitLab EE starting from 14.1 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5....

4.3CVSS5.9AI score0.00806EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/05/19 5:25 p.m.19 views

CVE-2025-39412 WordPress Master Slider plugin <= 3.11.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in averta Master Slider master-slider.This issue affects Master Slider: from n/a through = 3.11.0...

4.3CVSS8.6AI score0.00198EPSS
Exploits0References1
Rows per page
Query Builder