Lucene search
+L

198 matches found

NVD
NVD
added 2025/07/21 9:15 p.m.9 views

CVE-2025-54127

HAXcms with nodejs backend allows users to start the server in any HAXsite or HAXcms instance. In versions 11.0.6 and below, the NodeJS version of HAXcms uses an insecure default configuration designed for local development. The default configuration does not perform authorization or authenticati...

9.8CVSS0.00403EPSS
Exploits0References1
CVE
CVE
added 2025/07/16 11:28 a.m.19 views

CVE-2025-48339

CVE-2025-48339 concerns the WordPress plugin Profiler – What Slowing Down Your WP, with a Missing Authorization (Broken Access Control) vulnerability. Affected versions are n/a through 1.0.0. Root cause is incorrectly configured access control security levels leading to unauthorized access. The C...

6.5CVSS5.1AI score0.00203EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/07/16 10:36 a.m.3 views

CVE-2025-54047 WordPress Cost Calculator plugin <= 7.4 - Broken Access Control Vulnerability

Missing Authorization vulnerability in QuanticaLabs Cost Calculator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cost Calculator: from n/a through 7.4...

4.3CVSS7.1AI score0.00194EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/07/10 12:0 a.m.6 views

FreeBSD : Gitlab -- vulnerabilities (20823cc0-5d45-11f0-966e-2cf05da270f3)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 20823cc0-5d45-11f0-966e-2cf05da270f3 advisory. Gitlab reports: Cross-site scripting issue impacts GitLab CE/EE Improper authorization issue...

8.7CVSS8.5AI score0.00492EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2025/06/16 12:0 a.m.3 views

TencentOS Server 4: sssd (TSSA-2024:0124)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0124 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

7.1CVSS6.9AI score0.01033EPSS
Exploits1References2
BDU FSTEC
BDU FSTEC
added 2025/06/15 12:0 a.m.6 views

The vulnerability of the AC system’s risk management plugin, along with compliance requirements and corporate governance in SAP GRC, allows a perpetrator to gain unauthorized access to read and modify data.

The vulnerability of the AC system’s risk management plugin, as well as issues related to compliance requirements and SAP GRC Governance, Risk, and Compliance corporate management, are linked to deficiencies in the authorization process. Exploiting this vulnerability could allow an attacker...

9CVSS5.5AI score0.00344EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2025/06/04 8:13 p.m.27 views

CVE-2025-48996

HAX open-apis provides microservice apis for HAX webcomponents repo that are shared infrastructure calls. An unauthenticated information disclosure vulnerability exists in the Penn State University deployment of the HAX content management system via the haxPsuUsage API endpoint, related to a flat...

5.3CVSS7AI score0.00313EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 10:13 a.m.7 views

CVE-2024-1307

The Smart Forms WordPress plugin before 2.6.94 does not have proper authorization in some actions, which could allow users with a role as low as a subscriber to call them and perform unauthorized actions...

6.5CVSS6.7AI score0.00534EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:0 a.m.31 views

CVE-2024-47653

This vulnerability exists in Shilpi Client Dashboard due to lack of authorization for modification and cancellation requests through certain API endpoints. An authenticated remote attacker could exploit this vulnerability by placing or cancelling requests through API request body leading to...

7.1CVSS7.1AI score0.00341EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:25 a.m.12 views

CVE-2024-8042

Rapid7 Insight Platform versions between November 2019 and August 14, 2024 suffer from missing authorization issues whereby an attacker can intercept local requests to set the name and description of a new user group. This could potentially lead to an empty user group being added to the incorrect...

3.1CVSS6.7AI score0.00177EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:31 a.m.8 views

CVE-2023-3345

The LMS by Masteriyo WordPress plugin before 1.6.8 does not have proper authorization in one some of its REST API endpoints, making it possible for any students to retrieve email addresses of other students...

6.5CVSS6.7AI score0.01953EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:39 a.m.15 views

CVE-2023-45245

Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent Linux, macOS, Windows before build 36119...

5.5CVSS6.5AI score0.00231EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 1:20 a.m.8 views

CVE-2022-3882

The Memory Usage, Memory Limit, PHP and Server Memory Health Check and Fix Plugin WordPress plugin before 2.46 does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and activate arbitrary plugins from wordpress.o...

6.5CVSS6.8AI score0.00327EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:4 p.m.10 views

CVE-2022-3419

The Automatic User Roles Switcher WordPress plugin before 1.1.2 does not have authorisation and proper CSRF checks, allowing any authenticated users like subscriber to add any role to themselves, such as administrator...

6.5CVSS6.7AI score0.00332EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:19 p.m.5 views

CVE-2022-1956

The Shortcut Macros WordPress plugin through 1.3 does not have authorisation and CSRF checks in place when updating its settings, which could allow any authenticated users, such as subscriber, to update them...

4.3CVSS6.6AI score0.00342EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:5 p.m.9 views

CVE-2022-0720

The Amelia WordPress plugin before 1.0.47 does not have proper authorisation when managing appointments, allowing any customer to update other's booking, as well as retrieve sensitive information about the bookings, such as the full name and phone number of the person who booked it...

5.5CVSS6.3AI score0.00609EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:4 p.m.11 views

CVE-2021-24945

The Like Button Rating ♥ LikeBtn WordPress plugin before 2.6.38 does not have any authorisation and CSRF checks in the likebtnexportvotes AJAX action, which could allow any authenticated user, such as subscriber, to get a list of email and IP addresses of people who liked content from the blog...

8CVSS6.6AI score0.00557EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:25 p.m.7 views

CVE-2021-25113

The Dropdown Menu Widget WordPress plugin through 1.9.7 does not have authorisation and CSRF checks when saving its settings, allowing low privilege users such as subscriber to update them. Due to the lack of sanitisation and escaping, it could also lead to Stored Cross-Site Scripting issues...

5.4CVSS6.1AI score0.00595EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:25 p.m.11 views

CVE-2021-25018

The PPOM for WooCommerce WordPress plugin before 24.0 does not have authorisation and CSRF checks in the ppomsettingspanelaction AJAX action, allowing any authenticated to call it and set arbitrary settings. Furthermore, due to the lack of sanitisation and escaping, it could lead to Stored XSS...

5.4CVSS5.9AI score0.00524EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:25 p.m.5 views

CVE-2021-24950

The Insight Core WordPress plugin through 1.0 does not have any authorisation and CSRF checks in the insightcustomizeroptionsimport available to any authenticated user, does not validate user input before passing it to unserialize, nor sanitise and escape it before outputting it in the response. ...

5.4CVSS5.9AI score0.00516EPSS
Exploits2References1
Rows per page
Query Builder