Total
4572 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-43004 | 2025-05-13 | N/A | 5.3 MEDIUM | ||
| Due to a security misconfiguration vulnerability, customers can develop Production Operator Dashboards (PODs) that enable outside users to access customer data when they access these dashboards. Since no mechanisms exist to enforce authentication, malicious unauthenticated users can view non-sensitive customer information. However, this does not affect data integrity or availability. | |||||
| CVE-2025-43007 | 2025-05-13 | N/A | 6.3 MEDIUM | ||
| SAP Service Parts Management (SPM) does not perform necessary authorization checks for an authenticated user, allowing an attacker to escalate privileges. This has low impact on confidentiality, integrity and availability of the application. | |||||
| CVE-2025-43009 | 2025-05-13 | N/A | 6.3 MEDIUM | ||
| SAP Service Parts Management (SPM) does not perform necessary authorization checks for an authenticated user, allowing an attacker to escalate privileges. This has low impact on Confidentiality, integrity and availability of the application. | |||||
| CVE-2025-43011 | 2025-05-13 | N/A | 7.7 HIGH | ||
| Under certain conditions, SAP Landscape Transformation's PCL Basis module does not perform the necessary authorization checks, allowing authenticated users to access restricted functionalities or data. This can lead to a high impact on confidentiality with no impact on the integrity or availability of the application. | |||||
| CVE-2025-43000 | 2025-05-13 | N/A | 7.9 HIGH | ||
| Under certain conditions Promotion Management Wizard (PMW) allows an attacker to access information which would otherwise be restricted.This has High impact on Confidentiality with Low impact on Integrity and Availability of the application. | |||||
| CVE-2025-43008 | 2025-05-13 | N/A | 5.8 MEDIUM | ||
| Due to missing authorization check, an unauthorized user can view the files of other company. This might lead to disclosure of personal data of employees. There is no impact on integrity and availability. | |||||
| CVE-2025-47628 | 1 Quomodosoft | 1 Qs Dark Mode | 2025-05-12 | N/A | 8.8 HIGH |
| Missing Authorization vulnerability in quomodosoft QS Dark Mode allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects QS Dark Mode: from n/a through 3.0. | |||||
| CVE-2025-21416 | 1 Microsoft | 1 Azure Virtual Desktop | 2025-05-12 | N/A | 8.8 HIGH |
| Missing authorization in Azure Virtual Desktop allows an authorized attacker to elevate privileges over a network. | |||||
| CVE-2025-2816 | 1 A3rev | 1 Page View Count | 2025-05-12 | N/A | 8.1 HIGH |
| The Page View Count plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the yellow_message_dontshow() function in versions 2.8.0 to 2.8.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update option values to one on the WordPress site. This can be leveraged to update an option that would create an error on the site and deny service to legitimate users or be used to set some values to true such as registration. | |||||
| CVE-2025-3960 | 1 Withstars | 1 Books-management-system | 2025-05-12 | N/A | 9.8 CRITICAL |
| A vulnerability was found in withstars Books-Management-System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /allreaders.html of the component Background Interface. The manipulation leads to missing authorization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2025-3963 | 1 Withstars | 1 Books-management-system | 2025-05-12 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, has been found in withstars Books-Management-System 1.0. This issue affects some unknown processing of the file /admin/article/list of the component Background Interface. The manipulation leads to missing authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2025-3977 | 1 Iteachyou | 1 Dreamer Cms | 2025-05-12 | N/A | N/A |
| A vulnerability was found in iteachyou Dreamer CMS up to 4.1.3. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/attachment/download of the component Attachment Handler. The manipulation of the argument ID leads to improper authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-3980 | 1 Wowjoy | 1 Internet Doctor Workstation System | 2025-05-12 | N/A | 5.3 MEDIUM |
| A vulnerability classified as problematic was found in wowjoy ?????????????? Internet Doctor Workstation System 1.0. This vulnerability affects unknown code of the file /v1/prescription/list. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-3981 | 1 Wowjoy | 1 Internet Doctor Workstation System | 2025-05-12 | N/A | 5.3 MEDIUM |
| A vulnerability, which was classified as problematic, has been found in wowjoy ?????????????? Internet Doctor Workstation System 1.0. This issue affects some unknown processing of the file /v1/prescription/details/. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-6066 | 1 Kishorkhambu | 1 Wp Custom Widget Area | 2025-05-12 | N/A | 4.3 MEDIUM |
| The WP Custom Widget area WordPress plugin through 1.2.5 does not properly apply capability and nonce checks on any of its AJAX action callback functions, which could allow attackers with subscriber+ privilege to create, delete or modify menus on the site. | |||||
| CVE-2023-5533 | 1 Quantumcloud | 1 Wpbot | 2025-05-12 | N/A | 9.8 CRITICAL |
| The AI ChatBot plugin for WordPress is vulnerable to unauthorized use of AJAX actions due to missing capability checks on the corresponding functions in versions up to, and including, 4.8.9 as well as 4.9.2. This makes it possible for unauthenticated attackers to perform some of those actions that were intended for higher privileged users. | |||||
| CVE-2024-0453 | 1 Quantumcloud | 1 Wpbot | 2025-05-12 | N/A | 7.7 HIGH |
| The AI ChatBot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the openai_file_delete_callback function in all versions up to, and including, 5.3.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete files from a linked OpenAI account. | |||||
| CVE-2024-0452 | 1 Quantumcloud | 1 Ai Chatbot | 2025-05-12 | N/A | 7.7 HIGH |
| The AI ChatBot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the openai_file_upload_callback function in all versions up to, and including, 5.3.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload files to a linked OpenAI account. | |||||
| CVE-2024-0451 | 1 Quantumcloud | 1 Wpbot | 2025-05-12 | N/A | 5.0 MEDIUM |
| The AI ChatBot plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the openai_file_list_callback function in all versions up to, and including, 5.3.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to list files existing in a linked OpenAI account. | |||||
| CVE-2021-38388 | 1 Linecorp | 1 Central Dogma | 2025-05-12 | 6.5 MEDIUM | 8.8 HIGH |
| Central Dogma allows privilege escalation with mirroring to the internal dogma repository that has a file managing the authorization of the project. | |||||