CVE-2025-59018 Information Disclosure in Workspaces Module

Missing authorization checks in the Workspace Module of TYPO3 CMS versions 9.0.0‑9.5.54, 10.0.0‑10.4.53, 11.0.0‑11.5.47, 12.0.0‑12.4.36, and 13.0.0‑13.4.17 allow backend users to directly invoke the corresponding AJAX backend route to disclose sensitive information without having access...

CVE-2025-42914 Missing Authorization check in SAP HCM (My Timesheet Fiori 2.0 application)

Due to missing authorization checks, SAP HCM My Timesheet Fiori 2.0 application allows an authenticated attacker with in-depth system knowledge to escalate privileges and perform activities that are otherwise restricted, resulting in a low impact on the integrity of the application. Confidentiali...

CVE-2025-42913 Missing Authorization check in SAP HCM (My Timesheet Fiori 2.0 application)

Due to missing authorization checks, SAP HCM My Timesheet Fiori 2.0 application allows an authenticated attacker with in-depth system knowledge to escalate privileges and perform activities that are otherwise restricted, resulting in a low impact on the integrity of the application. Confidentiali...

Zoom Workplace 安全漏洞

Zoom Workplace is a desktop application from Zoom USA. A security vulnerability exists in Zoom Workplace versions prior to 6.5.0 that stems from a missing authorization in the installer, which could result in elevated privileges...

TYPO3 CMS 安全漏洞

TYPO3 CMS is a content management system from TYPO3 open source. A security vulnerability exists in TYPO3 CMS, which stems from a lack of authorization checking in the back-end routing, which could lead to unauthorized AJAX calls. The following versions are affected: 9.5.54 and earlier, 10.4.53 a...

CVE-2025-8085

The Ditty WordPress plugin before 3.1.58 lacks authorization and authentication for requests to its displayItems endpoint, allowing unauthenticated visitors to make requests to arbitrary URLs...

CVE-2025-58817 WordPress SoftMe Theme <= 1.1.27 - Broken Access Control Vulnerability

Missing Authorization vulnerability in desertthemes SoftMe softme allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SoftMe: from n/a through = 1.1.27...

SAMSUNG Camera 安全漏洞

SAMSUNG Camera is a Samsung camera application from Samsung South Korea. A security vulnerability exists in SAMSUNG Camera that stems from a lack of authorization and could allow a physical attacker to install packages through the Galaxy Store before the setup wizard completes...

WordPress plugin Order Delivery Date for WooCommerce 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

PT-2025-35747

Name of the Vulnerable Software and Affected Versions: Barn2 Plugins Posts Table with Search & Sort versions through 1.4.10 Description: The Posts Table with Search & Sort plugin contains a missing authorization flaw due to incorrectly configured access control security levels. Recommendations:...

CVE-2025-7956

The CVE-2025-7956 entry concerns Ajax Search Lite for WordPress. It exposes Basic Information through a missing authorization check in ASL_Query within the AJAX search handler, affecting versions up to 4.13.1 (some sources reference 4.13.2 as the fix). The vulnerability allows unauthenticated att...

CVE-2025-55675

Apache Superset contains an improper access control vulnerability in its /explore endpoint. A missing authorization check allows an authenticated user to discover metadata about datasources they do not have permission to access. By iterating through the datasourceid in the URL, an attacker can...

WordPress plugin SMM API 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

CVE-2025-8310

CVE-2025-8310 affects Ivanti Virtual Application Delivery Controller (vADC) prior to 22.9. The admin console lacks proper authorization, enabling a remote authenticated attacker to take over admin accounts by resetting passwords. The vulnerability is mitigated by updating to version 22.9 or later...

SAP Cloud Connector 安全漏洞

SAP Cloud Connector is a tool from SAP, Germany, used to establish a secure connection between local systems and SAP Cloud Platform. A security vulnerability exists in SAP Cloud Connector that stems from a lack of authorization checks and could lead to degraded service performance...

PT-2025-32470 · Unknown · Litmuschaos

Name of the Vulnerable Software and Affected Versions: LitmusChaos versions up to 3.19.0 Description: A problematic issue exists in LitmusChaos related to missing authorization checks within the Delete Request Handler component. The vulnerability resides in the /auth/delete project/ file and is...

CVE-2025-51308

In Gatling Enterprise versions below 1.25.0, a low-privileged user that does not hold the role "admin" could perform a REST API call on read-only endpoints, allowing him to collect some information, due to missing authorization checks...

HomeBox 安全漏洞

HomeBox is a SysAdmins Media open source inventory and organization system built for home users. A security vulnerability exists in HomeBox versions prior to 0.20.1, which stems from a lack of authorization checking and could lead to unauthorized data manipulation...

WordPress plugin Mobile DJ Manager 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPress...

WordPress plugin UpStream 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...