228 matches found
PT-2025-53903
Name of the Vulnerable Software and Affected Versions HR Management Lite versions prior to 3.6 Description An incorrect access control configuration exists in Weblizar HR Management Lite, potentially allowing unauthorized access. The issue involves a missing authorization check. Recommendations...
CVE-2025-14446
CVE-2025-14446 affects the Popup Builder (Easy Notify Lite) WordPress plugin (versions
CVE-2025-42876
Due to a Missing Authorization Check vulnerability in SAP S/4 HANA Private Cloud Financials General Ledger, an authenticated attacker with authorization limited to a single company code could read sensitive data and post or modify documents across all company codes. Successful exploitation could...
CVE-2025-42876
CVE-2025-42876 concerns a Missing Authorization Check in SAP S/4 HANA Private Cloud (Financials General Ledger). An authenticated user limited to one company code could read data and post/modify documents across all company codes. Impact: confidentiality high, integrity low; availability unchange...
CVE-2025-42876 Missing Authorization Check in SAP S/4 HANA Private Cloud (Financials General Ledger)
Due to a Missing Authorization Check vulnerability in SAP S/4 HANA Private Cloud Financials General Ledger, an authenticated attacker with authorization limited to a single company code could read sensitive data and post or modify documents across all company codes. Successful exploitation could...
PT-2025-49770
Due to a missing authorization check in SAP Enterprise Search for ABAP, an attacker with high privileges may read and export the contents of database tables into an ABAP report. This could lead to a high impact on data confidentiality and a low impact on data integrity. There is no impact on...
CVE-2025-13358
The Accessiy By CodeConfig Accessibility plugin for WordPress is vulnerable to unauthorized page creation due to missing authorization checks in versions up to, and including, 1.0.0. This is due to the plugin not performing capability checks in the Settings::createPage function. This makes it...
CVE-2025-12085 ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.1 - Missing Authorization to Authenticated (Subscriber+) Trash Empty
The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ehcrmsettingsemptytrash' function in all versions up to, and including, 3.3.1. This makes it possible for authenticated...
CVE-2025-12675 KiotViet Sync <= 1.8.5 - Missing Authorization to Authenticated (Subscriber+) Settings Update
The KiotViet Sync plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the saveConfig function in all versions up to, and including, 1.8.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update...
CVE-2025-12675
CVE-2025-12675 concerns the KiotViet Sync WordPress plugin (versions up to and including 1.8.5). The vulnerability arises from a missing capability check in saveConfig(), allowing authenticated attackers with Subscriber-level access or higher to modify the plugin configuration. Multiple sources c...
CVE-2025-12675 KiotViet Sync <= 1.8.5 - Missing Authorization to Authenticated (Subscriber+) Settings Update
The KiotViet Sync plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the saveConfig function in all versions up to, and including, 1.8.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update...
CVE-2025-12134 ZoloBlocks <= 2.3.11 - Missing Authorization to Unauthenticated Popup Enable/Disable
The ZoloBlocks – Gutenberg Block Editor Plugin with Advanced Blocks, Dynamic Content, Templates & Patterns plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the updatepopupstatus function in all versions up to, and including, 2.3.11. This...
CVE-2025-12014 NGINX Cache Optimizer <= 1.1 - Missing Authorization to Authenticated (Subscriber+) Dynamic Caching Exclusion Update
The NGINX Cache Optimizer plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'nginxcacheoptimizer-blacklist-update' AJAX action in all versions up to, and including, 1.1. This makes it possible for authenticated attackers, with...
CVE-2025-42939
SAP S/4HANA: The Manage Processing Rules – For Bank Statements component is affected by CVE-2025-42939. An authenticated attacker with basic privileges can tamper request parameters to delete conditions from any shared rule, due to a missing authorization check, compromising integrity without imp...
EUVD-2019-1140
Malware in sbrugna...
EUVD-2019-1122
Malware in sbrugna...
EUVD-2020-27406
Malware in sbrugna...
EUVD-2020-27409
Malware in sbrugna...
EUVD-2020-27383
Malware in sbrugna...
EUVD-2025-4462
Malicious code in bioql PyPI...