CVE-2025-12372 The Permalinks Cascade <= 2.2 - Missing Authorization To Authenticated (Subscriber+) Plugin Settings Update

The Permalinks Cascade plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 2.2. This is due to the plugin not properly verifying that a user is authorized to perform an action in the handleTPCAdminAjaxRequest function. This makes it possible for...

CVE-2025-63291

When processing API requests, the Alteryx server 2022.1.1.42654 and 2024.1 used MongoDB object IDs to uniquely identify the data being requested by the caller. The Alteryx server did not check whether the authenticated user had permission to access the specified MongoDB object ID. By specifying...

CVE-2025-64265

Missing Authorization vulnerability in N-Media Frontend File Manager nmedia-user-file-uploader allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Frontend File Manager: from n/a through = 23.2...

File Browser is Vulnerable to Insecure Direct Object Reference (IDOR) in Share Deletion Function

Summary It has been found an Insecure Direct Object Reference IDOR vulnerability in the FileBrowser application's share deletion functionality. This vulnerability allows any authenticated user with share permissions to delete other users' shared links without authorization checks. The impact is...

AZL-70169 CVE-2025-12817 affecting package postgresql for versions less than 16.11-1

Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before...

EUVD-2025-163785

Missing Authorization vulnerability in Jeroen Schmit Theater for WordPress theatre allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Theater for WordPress: from n/a through = 0.18.8...

CVE-2025-64402

Apache OpenOffice documents can contain links. A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. In the affected versions of Apache OpenOffice, documents that used "OLE objects" linked to...

CVE-2025-64407 Apache OpenOffice: URL fetching can be used to exfiltrate arbitrary INI file values and environment variables

Apache OpenOffice documents can contain links. A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. Such links could also be used to transmit system information, such as environment variable...

CVE-2025-42899

SAP S4CORE Manage journal entries does not perform necessary authorization checks for an authenticated user resulting in escalation of privileges. This has low impact on confidentiality of the application with no impact on integrity and availability of the application...

CVE-2025-30398

Missing authorization in Nuance PowerScribe allows an unauthorized attacker to disclose information over a network...

CVE-2025-11237 Make Email Customizer for WooCommerce <= 1.0.6 - Subscriber+ Arbitrary Options Update

The Make Email Customizer for WooCommerce WordPress plugin through 1.0.6 lacks proper authorization checks and option validation in its AJAX actions, allowing any authenticated user, such as a Subscriber, to update arbitrary WordPress options...

CVE-2025-11996 Find Unused Images <= 1.0.7 - Missing Authorization to Unauthenticated Arbitrary Attachment Deletion

The Find Unused Images plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the fuideleteimage and fuideleteallimages functiosn in all versions up to, and including, 1.0.7. This makes it possible for unauthenticated attackers to delete all of a site...

CVE-2025-42899 Missing Authorization check in SAP S4CORE (Manage Journal Entries)

SAP S4CORE Manage journal entries does not perform necessary authorization checks for an authenticated user resulting in escalation of privileges. This has low impact on confidentiality of the application with no impact on integrity and availability of the application...

CVE-2025-12925

CVE-2025-12925 affects the rymcu forest project. The security issue is in UserDicController.java (functions getAll, addDic, getAllDic, deleteDic) where missing authorization enables remote exploitation. Descriptions across multiple sources confirm the vulnerability allows unauthorized access and ...

CVE-2025-53214

Missing Authorization vulnerability in sertifier Sertifier Certificate & Badge Maker sertifier-certificates-open-badges allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sertifier Certificate & Badge Maker: from n/a through = 1.21...

CVE-2025-64323 kgateway is missing xDS authorization

kgateway is a Cloud-Native API and AI Gateway. Versions 2.0.4 and below and 2.1.0-agw-cel-rbac through 2.1.0-rc.2 lack authentication, allowing any client with unrestricted network access to the xDS port to retrieve potentially sensitive configuration data including certificate data, backend...

CVE-2025-54711

Missing Authorization vulnerability in bPlugins Info Cards info-cards allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Info Cards: from n/a through = 1.0.11...

CVE-2025-49394

Missing Authorization vulnerability in bPlugins Image Gallery block – Create and display photo gallery/photo album. 3d-image-gallery allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Image Gallery block – Create and display photo gallery/photo album.: from n/a...

CVE-2025-58207 WordPress Ai Image Alt Text Generator for WP Plugin <= 1.1.5 - Broken Access Control Vulnerability

Missing Authorization vulnerability in WP Messiah Ai Image Alt Text Generator for WP ai-image-alt-text-generator-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ai Image Alt Text Generator for WP: from n/a through = 1.1.5...

CVE-2025-58207

The CVE-2025-58207 entry concerns the WordPress plugin Ai Image Alt Text Generator for WP, affected versions