Lucene search
K

228 matches found

Positive Technologies
Positive Technologies
added 2025/12/30 12:0 a.m.8 views

PT-2025-53903

Name of the Vulnerable Software and Affected Versions HR Management Lite versions prior to 3.6 Description An incorrect access control configuration exists in Weblizar HR Management Lite, potentially allowing unauthorized access. The issue involves a missing authorization check. Recommendations...

6.4AI score0.00175EPSS
Exploits0References3
CVE
CVE
added 2025/12/13 4:31 a.m.16 views

CVE-2025-14446

CVE-2025-14446 affects the Popup Builder (Easy Notify Lite) WordPress plugin (versions

6.5CVSS4.7AI score0.00221EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/12/10 2:32 a.m.7 views

CVE-2025-42876

Due to a Missing Authorization Check vulnerability in SAP S/4 HANA Private Cloud Financials General Ledger, an authenticated attacker with authorization limited to a single company code could read sensitive data and post or modify documents across all company codes. Successful exploitation could...

7.1CVSS6.5AI score0.00265EPSS
Exploits0References1
CVE
CVE
added 2025/12/09 2:14 a.m.19 views

CVE-2025-42876

CVE-2025-42876 concerns a Missing Authorization Check in SAP S/4 HANA Private Cloud (Financials General Ledger). An authenticated user limited to one company code could read data and post/modify documents across all company codes. Impact: confidentiality high, integrity low; availability unchange...

7.1CVSS6.1AI score0.00265EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/12/09 2:14 a.m.36 views

CVE-2025-42876 Missing Authorization Check in SAP S/4 HANA Private Cloud (Financials General Ledger)

Due to a Missing Authorization Check vulnerability in SAP S/4 HANA Private Cloud Financials General Ledger, an authenticated attacker with authorization limited to a single company code could read sensitive data and post or modify documents across all company codes. Successful exploitation could...

7.1CVSS0.00265EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/12/09 12:0 a.m.4 views

PT-2025-49770

Due to a missing authorization check in SAP Enterprise Search for ABAP, an attacker with high privileges may read and export the contents of database tables into an ABAP report. This could lead to a high impact on data confidentiality and a low impact on data integrity. There is no impact on...

5.5CVSS6.4AI score0.00269EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/12/07 6:5 a.m.12 views

CVE-2025-13358

The Accessiy By CodeConfig Accessibility plugin for WordPress is vulnerable to unauthorized page creation due to missing authorization checks in versions up to, and including, 1.0.0. This is due to the plugin not performing capability checks in the Settings::createPage function. This makes it...

5.3CVSS5.5AI score0.00245EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/11/21 5:32 a.m.8 views

CVE-2025-12085 ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.1 - Missing Authorization to Authenticated (Subscriber+) Trash Empty

The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ehcrmsettingsemptytrash' function in all versions up to, and including, 3.3.1. This makes it possible for authenticated...

4.3CVSS0.00168EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/11/05 7:27 a.m.4 views

CVE-2025-12675 KiotViet Sync <= 1.8.5 - Missing Authorization to Authenticated (Subscriber+) Settings Update

The KiotViet Sync plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the saveConfig function in all versions up to, and including, 1.8.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update...

4.3CVSS4.7AI score0.00184EPSS
Exploits0References2
CVE
CVE
added 2025/11/05 7:27 a.m.17 views

CVE-2025-12675

CVE-2025-12675 concerns the KiotViet Sync WordPress plugin (versions up to and including 1.8.5). The vulnerability arises from a missing capability check in saveConfig(), allowing authenticated attackers with Subscriber-level access or higher to modify the plugin configuration. Multiple sources c...

4.3CVSS4.7AI score0.00184EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/11/05 7:27 a.m.9 views

CVE-2025-12675 KiotViet Sync <= 1.8.5 - Missing Authorization to Authenticated (Subscriber+) Settings Update

The KiotViet Sync plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the saveConfig function in all versions up to, and including, 1.8.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update...

4.3CVSS0.00184EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/10/24 9:23 a.m.4 views

CVE-2025-12134 ZoloBlocks <= 2.3.11 - Missing Authorization to Unauthenticated Popup Enable/Disable

The ZoloBlocks – Gutenberg Block Editor Plugin with Advanced Blocks, Dynamic Content, Templates & Patterns plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the updatepopupstatus function in all versions up to, and including, 2.3.11. This...

5.3CVSS4.9AI score0.00219EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/10/24 8:24 a.m.9 views

CVE-2025-12014 NGINX Cache Optimizer <= 1.1 - Missing Authorization to Authenticated (Subscriber+) Dynamic Caching Exclusion Update

The NGINX Cache Optimizer plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'nginxcacheoptimizer-blacklist-update' AJAX action in all versions up to, and including, 1.1. This makes it possible for authenticated attackers, with...

4.3CVSS0.00184EPSS
Exploits0References2
CVE
CVE
added 2025/10/14 12:18 a.m.11 views

CVE-2025-42939

SAP S/4HANA: The Manage Processing Rules – For Bank Statements component is affected by CVE-2025-42939. An authenticated attacker with basic privileges can tamper request parameters to delete conditions from any shared rule, due to a missing authorization check, compromising integrity without imp...

4.3CVSS6.3AI score0.00214EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2019-1140

Malware in sbrugna...

4.3CVSS4.9AI score0.0055EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2019-1122

Malware in sbrugna...

7.2CVSS7AI score0.01247EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-27406

Malware in sbrugna...

5.4CVSS5.6AI score0.00627EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-27409

Malware in sbrugna...

6.5CVSS6.6AI score0.00774EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2020-27383

Malware in sbrugna...

4.3CVSS4.8AI score0.00742EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2025-4462

Malicious code in bioql PyPI...

6.6AI score
Exploits0References2
Rows per page
Query Builder