Total
5716 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-42915 | 1 Sap | 1 Fiori | 2025-09-09 | 5.4 Medium |
| Fiori app Manage Payment Blocks does not perform the necessary authorization checks, allowing an attacker with basic user privileges to abuse functionalities that should be restricted to specific user groups.This issue could impact both the confidentiality and integrity of the application without affecting the availability. | ||||
| CVE-2025-9542 | 2 Automatorwp, Wordpress | 2 Automatorwp, Wordpress | 2025-09-09 | 5.4 Medium |
| The AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in WordPress plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on multiple plugin's functions in all versions up to, and including, 5.3.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify integration settings or view existing automations. | ||||
| CVE-2025-32688 | 2 Sovica, Wordpress | 2 Target Video Easy Publish, Wordpress | 2025-09-09 | 5.4 Medium |
| Missing Authorization vulnerability in Sovica Target Video Easy Publish. This issue affects Target Video Easy Publish: from n/a through 3.8.8. | ||||
| CVE-2024-36326 | 1 Amd | 3 Ryzen, Ryzen 7040, Ryzen Ai 300 | 2025-09-09 | 8.4 High |
| Missing authorization in AMD RomArmor could allow an attacker to bypass ROMArmor protections during system resume from a standby state, potentially resulting in a loss of confidentiality and integrity. | ||||
| CVE-2025-22414 | 1 Google | 1 Android | 2025-09-09 | 7.8 High |
| In FrpBypassAlertActivity of FrpBypassAlertActivity.java, there is a possible way to bypass FRP due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-47792 | 1 Nextcloud | 1 Desktop | 2025-09-08 | 5 Medium |
| Nextcloud Desktop is the desktop sync client for Nextcloud. In versions of Nextcloud Desktop prior to 3.15, 3rdparty applications already installed on a user machine can create link shares for almost all data via the socket API. These shares can then be easily sent off to an external service. Nextcloud Desktop fixes the issue in version 3.15. No known workarounds are available. | ||||
| CVE-2025-7040 | 1 Wordpress | 1 Wordpress | 2025-09-08 | 8.2 High |
| The Cloud SAML SSO plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'set_organization_settings' action of the csso_handle_actions() function in all versions up to, and including, 1.0.19. The handler reads client-supplied POST parameters for organization settings and passes them directly to update_option() without any check of the user’s capabilities or a CSRF nonce. This makes it possible for unauthenticated attackers to change critical configuration (including toggling signing and encryption), potentially breaking the SSO flow and causing a denial-of-service. | ||||
| CVE-2025-48547 | 1 Google | 1 Android | 2025-09-08 | 7.3 High |
| In multiple locations, there is a possible one-time permission bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | ||||
| CVE-2024-0028 | 1 Google | 1 Android | 2025-09-08 | 5.5 Medium |
| In Audio Service, there is a possible way to obtain MAC addresses of nearby Bluetooth devices due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-58824 | 1 Wordpress | 1 Wordpress | 2025-09-08 | 4.3 Medium |
| Missing Authorization vulnerability in webriti Shk Corporate allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Shk Corporate: from n/a through 2.4.1.1. | ||||
| CVE-2025-26437 | 1 Google | 1 Android | 2025-09-08 | 5.5 Medium |
| In CredentialManagerServiceStub of CredentialManagerService.java, there is a possible way to retrieve candidate credentials due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-26445 | 1 Google | 1 Android | 2025-09-08 | 5.5 Medium |
| In offerNetwork of ConnectivityService.java, there is a possible leak of sensitive data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-26440 | 1 Google | 1 Android | 2025-09-08 | 7.8 High |
| In multiple functions of CameraService.cpp, there is a possible way to use the camera from the background due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-26450 | 1 Google | 1 Android | 2025-09-08 | 7.8 High |
| In onInputEvent of IInputMethodSessionWrapper.java, there is a possible way for an untrusted app to inject key and motion events to the default IME due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-48524 | 1 Google | 1 Android | 2025-09-08 | 5.5 Medium |
| In isSystem of WifiPermissionsUtil.java, there is a possible permission bypass due to a missing permission check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-58813 | 1 Wordpress | 1 Wordpress | 2025-09-07 | 4.3 Medium |
| Missing Authorization vulnerability in ThemeArile Consultstreet allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Consultstreet: from n/a through 3.0.0. | ||||
| CVE-2025-58817 | 1 Wordpress | 1 Wordpress | 2025-09-07 | 4.3 Medium |
| Missing Authorization vulnerability in DesertThemes SoftMe allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SoftMe: from n/a through 1.1.24. | ||||
| CVE-2025-58783 | 2 Gutentor, Wordpress | 2 Gutentor, Wordpress | 2025-09-07 | 4.3 Medium |
| Missing Authorization vulnerability in gutentor Gutentor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Gutentor: from n/a through 3.5.1. | ||||
| CVE-2025-53571 | 1 Wordpress | 1 Wordpress | 2025-09-07 | 6.5 Medium |
| Missing Authorization vulnerability in VillaTheme HAPPY allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects HAPPY: from n/a through 1.0.6. | ||||
| CVE-2025-58816 | 2025-09-05 | 3.5 Low | ||
| Missing Authorization vulnerability in Plugin Devs Product Carousel Slider for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Product Carousel Slider for Elementor: from n/a through 2.1.3. | ||||