Total
4694 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-32279 | 2025-04-09 | 4.3 Medium | ||
| Missing Authorization vulnerability in Shahjada Live Forms. This issue affects Live Forms: from n/a through 4.8.5. | ||||
| CVE-2009-1185 | 8 Canonical, Debian, Fedoraproject and 5 more | 10 Ubuntu Linux, Debian Linux, Fedora and 7 more | 2025-04-09 | N/A |
| udev before 1.4.1 does not verify whether a NETLINK message originates from kernel space, which allows local users to gain privileges by sending a NETLINK message from user space. | ||||
| CVE-2009-3781 | 1 Quicksketch | 1 Filefield | 2025-04-09 | N/A |
| The filefield_file_download function in FileField 6.x-3.1, a module for Drupal, does not properly check node-access permissions for Drupal core private files, which allows remote attackers to access unauthorized files via unspecified vectors. | ||||
| CVE-2009-3168 | 1 Mevin | 1 Basic Php Events Lister | 2025-04-09 | 7.2 High |
| Mevin Productions Basic PHP Events Lister 2.0 does not properly restrict access to (1) admin/reset.php and (2) admin/user_add.php, which allows remote authenticated users to reset administrative passwords or add administrators via a direct request. | ||||
| CVE-2009-2282 | 1 Oracle | 2 Opensolaris, Solaris | 2025-04-09 | N/A |
| The Virtual Network Terminal Server daemon (vntsd) for Logical Domains (aka LDoms) in Sun Solaris 10, and OpenSolaris snv_41 through snv_108, on SPARC platforms does not check authorization for guest console access, which allows local control-domain users to gain guest-domain privileges via unknown vectors. | ||||
| CVE-2008-6548 | 1 Moinmo | 1 Moinmoin | 2025-04-09 | N/A |
| The rst parser (parser/text_rst.py) in MoinMoin 1.6.1 does not check the ACL of an included page, which allows attackers to read unauthorized include files via unknown vectors. | ||||
| CVE-2024-33593 | 1 Rednao | 1 Smart Forms | 2025-04-08 | 4.3 Medium |
| Missing Authorization vulnerability in RedNao Smart Forms.This issue affects Smart Forms: from n/a through 2.6.91. | ||||
| CVE-2023-49856 | 1 Rednao | 1 Smart Forms | 2025-04-08 | 8.1 High |
| Missing Authorization vulnerability in RedNao Smart Forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Smart Forms: from n/a through 2.6.84. | ||||
| CVE-2025-32277 | 2025-04-08 | 4.3 Medium | ||
| Missing Authorization vulnerability in Ateeq Rafeeq RepairBuddy allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects RepairBuddy: from n/a through 3.8211. | ||||
| CVE-2025-32258 | 2025-04-08 | 5.3 Medium | ||
| Missing Authorization vulnerability in InfoGiants Simple Website Logo allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Simple Website Logo: from n/a through 1.1. | ||||
| CVE-2025-32256 | 2025-04-08 | 5.3 Medium | ||
| Missing Authorization vulnerability in devsoftbaltic SurveyJS allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects SurveyJS: from n/a through 1.12.20. | ||||
| CVE-2025-26657 | 2025-04-08 | 5.3 Medium | ||
| SAP KMC WPC allows an unauthenticated attacker to remotely retrieve usernames by a simple parameter query which could expose sensitive information causing low impact on confidentiality of the application. This has no effect on integrity and availability. | ||||
| CVE-2025-27428 | 2025-04-08 | 7.7 High | ||
| Due to directory traversal vulnerability, an authorized attacker could gain access to some critical information by using RFC enabled function module. Upon successful exploitation, they could read files from any managed system connected to SAP Solution Manager, leading to high impact on confidentiality. There is no impact on integrity or availability. | ||||
| CVE-2025-2568 | 2025-04-08 | 5.3 Medium | ||
| The Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized access and modification of data due to missing capability checks on the 'vayu_blocks_get_toggle_switch_values_callback' and 'vayu_blocks_save_toggle_switch_callback' function in versions 1.0.4 to 1.2.1. This makes it possible for unauthenticated attackers to read plugin options and update any option with a key name ending in '_value'. | ||||
| CVE-2025-2807 | 2025-04-08 | 8.8 High | ||
| The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to arbitrary plugin installations due to a missing capability check in the mvl_setup_wizard_install_plugin() function in all versions up to, and including, 1.4.64. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install and activate arbitrary plugins on the affected site's server which may make remote code execution possible. | ||||
| CVE-2025-30017 | 2025-04-08 | 4.4 Medium | ||
| Due to a missing authorization check, an authenticated attacker could upload a file as a template for solution documentation in SAP Solution Manager 7.1. After successful exploitation, an attacker can cause limited impact on the integrity and availability of the application. | ||||
| CVE-2025-27437 | 2025-04-08 | 4.3 Medium | ||
| A Missing Authorization Check vulnerability exists in the Virus Scanner Interface of SAP NetWeaver Application Server ABAP. Because of this, an attacker authenticated as a non-administrative user can initiate a transaction, allowing them to access but not modify non-sensitive data without further authorization and with no effect on availability. | ||||
| CVE-2025-2876 | 2025-04-08 | 5.3 Medium | ||
| The MelaPress Login Security and MelaPress Login Security Premium plugins for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'monitor_admin_actions' function in version 2.1.0. This makes it possible for unauthenticated attackers to delete any user. | ||||
| CVE-2025-3437 | 2025-04-08 | 4.3 Medium | ||
| The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in the ajax_actions.php file in all versions up to, and including, 1.4.66. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute several initial set-up actions. | ||||
| CVE-2025-27435 | 2025-04-08 | 4.2 Medium | ||
| Under specific conditions and prerequisites, an unauthenticated attacker could access customer coupon codes exposed in the URL parameters of the Coupon Campaign URL in SAP Commerce. This could allow the attacker to use the disclosed coupon code, hence posing a low impact on confidentiality and integrity of the application. | ||||