173 matches found
CVE-2025-6088
In version 0.7.8 of danny-avila/librechat, improper authorization controls in the conversation sharing feature allow unauthorized access to other users' conversations if the conversation ID is known. Although UUIDv4 conversation IDs are generated server-side and are difficult to brute force, they...
CVE-2025-42913
Due to missing authorization checks, SAP HCM My Timesheet Fiori 2.0 application allows an authenticated attacker with in-depth system knowledge to escalate privileges and perform activities that are otherwise restricted, resulting in a low impact on the integrity of the application. Confidentiali...
CVE-2025-59018 Information Disclosure in Workspaces Module
Missing authorization checks in the Workspace Module of TYPO3 CMS versions 9.0.0‑9.5.54, 10.0.0‑10.4.53, 11.0.0‑11.5.47, 12.0.0‑12.4.36, and 13.0.0‑13.4.17 allow backend users to directly invoke the corresponding AJAX backend route to disclose sensitive information without having access...
CVE-2025-9542
Summary (CVE-2025-9542) The WordPress plugin AutomatorWP – Automator (AutomatorWP) ≤ 5.3.7 is affected by a missing capability check that lets authenticated users with Subscriber-level access or higher view and modify integration settings and automations. The vulnerability affects all versions up...
PT-2025-36693
Name of the Vulnerable Software and Affected Versions: TYPO3 CMS versions 9.0.0 through 9.5.54 TYPO3 CMS versions 10.0.0 through 10.4.53 TYPO3 CMS versions 11.0.0 through 11.5.47 TYPO3 CMS versions 12.0.0 through 12.4.36 TYPO3 CMS versions 13.0.0 through 13.4.17 Description: The Backend Routing...
PT-2025-36547
Name of the Vulnerable Software and Affected Versions: SAP HCM My Timesheet Fiori 2.0 application affected versions not specified Description: The SAP HCM My Timesheet Fiori 2.0 application is susceptible to a privilege escalation issue stemming from missing authorization checks. An authenticated...
SAP HCM My Timesheet Fiori 安全漏洞
SAP HCM My Timesheet Fiori is a timesheet application from SAP, Germany. A security vulnerability exists in SAP HCM My Timesheet Fiori version 2.0, which stems from a lack of authorization checking and could lead to elevated privileges...
CVE-2025-6685
ATEN eco DC Missing Authorization Privilege Escalation Vulnerability. This vulnerability allows remote attackers to escalate privileges on affected installations of ATEN eco DC. Authentication is required to exploit this vulnerability. The specific flaw exists within the web-based interface. The...
SUNNET Corporate Training Management System 安全漏洞
SUNNET Corporate Training Management System is a corporate training management system from SUNNET. A security vulnerability exists in SUNNET Corporate Training Management System versions prior to 10.11, which stems from a lack of authorization checking and could lead to unauthorized application...
CVE-2025-20302
A vulnerability in the web-based management interface of Cisco Secure FMC Software could allow an authenticated, low-privileged, remote attacker to retrieve a generated report from a different domain. This vulnerability is due to missing authorization checks. An attacker could exploit this...
SAP ABAP Platform 安全漏洞
SAP ABAP Platform is an ABAP-based SAP solution from SAP, a German company. A security vulnerability exists in SAP ABAP Platform that stems from a lack of authorization checks and could lead to unauthorized database access...
CVE-2025-6754
The SEO Metrics plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization checks in both the seometricshandleconnectbuttonclick AJAX handler and the seometricshandlecustomendpoint function in all versions up to, and including, 1.0.15. Because the AJAX action only...
PT-2025-31725 · WordPress · Seo Metrics
Name of the Vulnerable Software and Affected Versions: SEO Metrics versions 1.0.5 through 1.0.15 Description: The SEO Metrics plugin for WordPress is susceptible to privilege escalation due to insufficient authorization checks. Specifically, the seo metrics handle connect button click AJAX handle...
WordPress plugin WP Human Resource Management 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
Insecure Direct Object Reference (IDOR)
mautic/core is vulnerable to an Insecure Direct Object Reference IDOR. The vulnerability is due to missing authorization checks in the segment cloning function, which allows authenticated users to clone segments even if they don’t have the necessary permissions...
Unauthorized Access To Unpublished Page Previews
mautic/core is vulnerable to Unauthorized Access to unpublished page previews. The vulnerability is due to missing authorization checks on predictable preview URLs, allowing unauthenticated users and search engines to access and index draft content...
CVE-2024-44113
Due to missing authorization checks, SAP Business Warehouse BEx Analyzer allows an authenticated attacker to access information over the network which is otherwise restricted. On successful exploitation the attacker can enumerate information causing a limited impact on confidentiality of the...
CVE-2021-21486
SAP Enterprise Financial Services versions, 101, 102, 103, 104, 105, 600, 603, 604, 605, 606, 616, 617, 618, 800, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges...
CVE-2021-24779
The WP Debugging WordPress plugin before 2.11.0 has its updatesettings function hooked to admininit and is missing any authorisation and CSRF checks, as a result, the settings can be updated by unauthenticated users...
VMware Cloud Foundation 安全漏洞
VMware Cloud Foundation is an all-in-one hybrid cloud platform from VMware. The platform includes features such as operations automation, infrastructure auto-configuration and integrated lifecycle management. VMware Cloud Foundation suffers from an authorization issue vulnerability that stems fro...