Total
5709 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-60123 | 1 Wordpress | 1 Wordpress | 2025-09-29 | 4.3 Medium |
| Missing Authorization vulnerability in HivePress HivePress Claim Listings allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects HivePress Claim Listings: from n/a through 1.1.3. | ||||
| CVE-2025-60155 | 1 Wordpress | 1 Wordpress | 2025-09-29 | 5.3 Medium |
| Missing Authorization vulnerability in loopus WP Virtual Assistant allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Virtual Assistant: from n/a through 3.0. | ||||
| CVE-2025-60148 | 1 Wordpress | 1 Wordpress | 2025-09-29 | 4.3 Medium |
| Missing Authorization vulnerability in wpshuffle Subscribe to Download allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Subscribe to Download: from n/a through 2.0.9. | ||||
| CVE-2025-60120 | 2 Wordpress, Wpdirectorykit | 2 Wordpress, Wp Directory Kit | 2025-09-29 | 5.3 Medium |
| Missing Authorization vulnerability in wpdirectorykit WP Directory Kit allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Directory Kit: from n/a through 1.3.8. | ||||
| CVE-2025-60127 | 2 Artistscope, Wordpress | 2 Copysafe Web Protection, Wordpress | 2025-09-29 | 5.4 Medium |
| Missing Authorization vulnerability in ArtistScope CopySafe Web Protection allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CopySafe Web Protection: from n/a through 4.3. | ||||
| CVE-2025-60165 | 1 Wordpress | 1 Wordpress | 2025-09-29 | 4.3 Medium |
| Missing Authorization vulnerability in HaruTheme Frames allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Frames: from n/a through 1.5.7. | ||||
| CVE-2025-60159 | 3 Webmaniabr, Woocommerce, Wordpress | 3 Nota Fiscal Eletronica, Woocommerce, Wordpress | 2025-09-29 | 4.3 Medium |
| Missing Authorization vulnerability in webmaniabr Nota Fiscal Eletrônica WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Nota Fiscal Eletrônica WooCommerce: from n/a through 3.4.0.6. | ||||
| CVE-2025-60129 | 1 Wordpress | 1 Wordpress | 2025-09-29 | 5.3 Medium |
| Missing Authorization vulnerability in Yext Yext allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Yext: from n/a through 1.1.3. | ||||
| CVE-2025-60128 | 1 Wordpress | 1 Wordpress | 2025-09-29 | 4.3 Medium |
| Missing Authorization vulnerability in WP Delicious Delisho allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Delisho: from n/a through 1.1.3. | ||||
| CVE-2025-60143 | 2 Netgsm, Wordpress | 2 Netgsm, Wordpress | 2025-09-29 | 4.3 Medium |
| Missing Authorization vulnerability in netgsm Netgsm allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Netgsm: from n/a through 2.9.58. | ||||
| CVE-2025-9984 | 2 Fifu, Wordpress | 2 Featured Image From Url, Wordpress | 2025-09-26 | 5.3 Medium |
| The Featured Image from URL (FIFU) plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the fifu_api_debug_posts() function in all versions up to, and including, 5.2.7. This makes it possible for unauthenticated attackers to read private/password protected posts. | ||||
| CVE-2025-10173 | 4 Elementor, Roxnor, Woocommerce and 1 more | 4 Elementor, Shopengine Elementor Woocommerce Builder Addon, Woocommerce and 1 more | 2025-09-26 | 2.7 Low |
| The ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution plugin for WordPress is vulnerable to unauthorized access due to an incorrect capability check on the post_save() function in all versions up to, and including, 4.8.3. This makes it possible for authenticated attackers, with Editor-level access and above, to update the plugin's settings. | ||||
| CVE-2025-46586 | 1 Huawei | 1 Harmonyos | 2025-09-26 | 5.1 Medium |
| Permission control vulnerability in the contacts module Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2025-31171 | 1 Huawei | 1 Harmonyos | 2025-09-26 | 6.8 Medium |
| File read permission bypass vulnerability in the kernel file system module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2024-5899 | 1 Google | 3 Bazel For Android Studio, Bazel For Clion, Bazel For Intellij | 2025-09-26 | 3.3 Low |
| When Bazel Plugin in intellij imports a project (either using "import project" or "Auto import") the dialog for trusting the project is not displayed. This comes from the fact that both call the method ProjectBuilder.createProject which then calls ProjectManager.getInstance().createProject. This method, as its name suggests is intended to create a new project, not to import an existing one. We recommend upgrading to version 2024.06.04.0.2 or beyond for the IntelliJ, CLion and Android Studio Bazel plugins. | ||||
| CVE-2025-59828 | 1 Anthropics | 1 Claude Code | 2025-09-26 | N/A |
| Claude Code is an agentic coding tool. Prior to Claude Code version 1.0.39, when using Claude Code with Yarn versions 2.0+, Yarn plugins are auto-executed when running yarn --version. This could lead to a bypass of the directory trust dialog in Claude Code, as plugins would be executed prior to the user accepting the risks of working in an untrusted directory. Users running Yarn Classic were unaffected by this issue. This issue has been fixed in version 1.0.39. Users on standard Claude Code auto-update will have received this fix automatically. Users performing manual updates are advised to update to the latest version. | ||||
| CVE-2025-54458 | 1 Mattermost | 2 Confluence, Mattermost | 2025-09-25 | 5 Medium |
| Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the Confluence space which allows attackers to create a subscription for a Confluence space the user does not have access to via the create subscription endpoint. | ||||
| CVE-2025-53910 | 1 Mattermost | 2 Confluence, Mattermost | 2025-09-25 | 4 Medium |
| Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the channel which allows attackers to create a channel subscription without proper access to the channel via API call to the edit channel subscription endpoint. | ||||
| CVE-2025-53857 | 1 Mattermost | 2 Confluence, Mattermost | 2025-09-25 | 3.7 Low |
| Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the channel which allows attackers to get channel subscription details without proper access to the channel via API call to the GET autocomplete/GetChannelSubscriptions endpoint. | ||||
| CVE-2025-48731 | 1 Mattermost | 2 Confluence, Mattermost | 2025-09-25 | 6.4 Medium |
| Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the Confluence space which allows attackers to edit a subscription for a Confluence space the user does not have access for via edit subscription endpoint. | ||||