CVE Daily
← All tags

Tag: Security Misconfiguration

All CVEs associated with "Security Misconfiguration". Page 16/50 • 5958 CVEs.

Subscribe CVEs: RSS for “Security Misconfiguration”  ·  RSS (High+Critical only)

About “Security Misconfiguration”

A curated feed of “Security Misconfiguration”-related CVEs appears below. We currently track 5958 CVEs for this tag (all time). In the last 365 days, 2192 were published. Average CVSS is 5.9 (all time; 5.8 over 365d), and 26% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-862 - Missing Authorization, CWE-284 - Improper Access Control, CWE-266 - Incorrect Privilege Assignment.

In our taxonomy this topic maps to a LOW impact class. Vendor advisories and release notes are key. Verify compatibility matrices, prefer supported long term versions, and stage rollouts with monitoring. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2025-09-09
Medium

CVE-2025-53340

Missing Authorization vulnerability in awesomesupport Awesome Support awesome-support allows Retrieve Embedded Sensitive Data.This issue affects Awesome Support: from n/a through <= 6.3.6.

CVSS: 5.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-53291

Missing Authorization vulnerability in spoddev2021 Spreadconnect wc-spod.This issue affects Spreadconnect: from n/a through <= 2.1.5.

CVSS: 5.4 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-49860

Missing Authorization vulnerability in Majestic Support Majestic Support majestic-support.This issue affects Majestic Support: from n/a through <= 1.1.0.

CVSS: 5.3 CWE: CWE-862 - Missing Authorization View on NVD
High

CVE-2025-49692

Improper access control in Azure Windows Virtual Machine Agent allows an authorized attacker to elevate privileges locally.

CVSS: 7.8 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2025-39553

Missing Authorization vulnerability in andy_moyle Church Admin church-admin.This issue affects Church Admin: from n/a through <= 5.0.9.

CVSS: 4.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-39541

Missing Authorization vulnerability in Roland Murg WP Simple Booking Calendar wp-simple-booking-calendar.This issue affects WP Simple Booking Calendar: from n/a through <= 2.0.13.

CVSS: 6.5 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-32688

Missing Authorization vulnerability in Nebojsa Target Video Easy Publish brid-video-easy-publish.This issue affects Target Video Easy Publish: from n/a through <= 3.8.9.

CVSS: 5.4 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-8712

Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8…

CVSS: 5.4 CWE: CWE-862 - Missing Authorization View on NVD
High

CVE-2025-55148

Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R…

CVSS: 7.6 CWE: CWE-862 - Missing Authorization View on NVD
High

CVE-2025-55145

Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8…

CVSS: 8.9 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-55144

Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R…

CVSS: 5.4 CWE: CWE-862 - Missing Authorization View on NVD
High

CVE-2025-55142

Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R…

CVSS: 8.8 CWE: CWE-862 - Missing Authorization View on NVD
High

CVE-2025-55141

Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R…

CVSS: 8.8 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-59019

Missing authorization checks in the CSV download feature of TYPO3 CMS versions 11.0.0‑11.5.47, 12.0.0‑12.4.36, and 13.0.0‑13.4.17 allow backend users to disclose information from arbitrary database t…

CVSS: 4.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2025-59018

Missing authorization checks in the Workspace Module of TYPO3 CMS versions 9.0.0‑9.5.54, 10.0.0‑10.4.53, 11.0.0‑11.5.47, 12.0.0‑12.4.36, and 13.0.0‑13.4.17 allow backend users to directly invoke the…

CVSS: 6.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2025-59017

Missing authorization checks in the Backend Routing of TYPO3 CMS versions 9.0.0‑9.5.54, 10.0.0‑10.4.53, 11.0.0‑11.5.47, 12.0.0‑12.4.36, and 13.0.0‑13.4.17 allow backend users to directly invoke AJAX…

CVSS: 8.8 CWE: CWE-862 - Missing Authorization View on NVD
Low

CVE-2025-42914

Due to missing authorization checks, SAP HCM My Timesheet Fiori 2.0 application allows an authenticated attacker with in-depth system knowledge to escalate privileges and perform activities that are…

CVSS: 3.1 CWE: CWE-862 - Missing Authorization View on NVD
Low

CVE-2025-42913

Due to missing authorization checks, SAP HCM My Timesheet Fiori 2.0 application allows an authenticated attacker with in-depth system knowledge to escalate privileges and perform activities that are…

CVSS: 3.1 CWE: CWE-862 - Missing Authorization View on NVD
2025-09-07
Medium

CVE-2025-10072

A vulnerability was found in Portabilis i-Educar up to 2.10. This issue affects some unknown processing of the file /matricula/[ID_STUDENT]/enturmar/. Performing manipulation results in improper acce…

CVSS: 6.3 CWE: CWE-266 - Incorrect Privilege Assignment View on NVD
Medium

CVE-2025-10071

A vulnerability has been found in Portabilis i-Educar up to 2.10. This vulnerability affects unknown code of the file /cancelar-enturmacao-em-lote/. Such manipulation leads to improper access control…

CVSS: 6.3 CWE: CWE-266 - Incorrect Privilege Assignment View on NVD
Medium

CVE-2025-10070

A flaw has been found in Portabilis i-Educar up to 2.10. This affects an unknown part of the file /enturmacao-em-lote/. This manipulation causes improper access controls. The attack is possible to be…

CVSS: 6.3 CWE: CWE-266 - Incorrect Privilege Assignment View on NVD
2025-09-06
High

CVE-2024-36326

Missing authorization in AMD RomArmor could allow an attacker to bypass ROMArmor protections during system resume from a standby state, potentially resulting in a loss of confidentiality and integrit…

CVSS: 8.4 CWE: CWE-862 - Missing Authorization View on NVD
2025-09-05
Medium

CVE-2025-53791

Improper access control in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network.

CVSS: 4.7 CWE: CWE-284 - Improper Access Control View on NVD
High

CVE-2025-9709

On-Chip Debug and Test Interface With Improper Access Control and Improper Protection against Electromagnetic Fault Injection (EM-FI) in Nordic Semiconductor nRF52810 allow attacker to perform EM Fau…

CVSS: 8.6 CWE: CWE-1191 - On-Chip Debug and Test Interface With Improper Access Control View on NVD
Critical

CVE-2025-35451

PTZOptics and possibly other ValueHD-based pan-tilt-zoom cameras use hard-coded, default administrative credentials. The passwords can readily be cracked. Many cameras have SSH or telnet listening on…

CVSS: 9.8 CWE: CWE-798 - Use of Hard-coded Credentials View on NVD
Medium

CVE-2025-54744

Missing Authorization vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects M…

CVSS: 6.5 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-53571

Missing Authorization vulnerability in VillaTheme HAPPY happy-helpdesk-support-ticket-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HAPPY: from n/a…

CVSS: 6.5 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-10013

A vulnerability was detected in Portabilis i-Educar up to 2.10. This affects an unknown function of the file /exportacao-para-o-seb. Performing manipulation results in improper access controls. The a…

CVSS: 6.3 CWE: CWE-266 - Incorrect Privilege Assignment View on NVD
Medium

CVE-2025-58824

Missing Authorization vulnerability in priyanshumittal Shk Corporate shk-corporate allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Shk Corporate: from n/a t…

CVSS: 4.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-58817

Missing Authorization vulnerability in desertthemes SoftMe softme allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SoftMe: from n/a through <= 1.1.27.

CVSS: 4.3 CWE: CWE-862 - Missing Authorization View on NVD
Low

CVE-2025-58816

Missing Authorization vulnerability in Plugin Devs Product Carousel Slider for Elementor ecommerce-product-carousel-slider-for-elementor allows Exploiting Incorrectly Configured Access Control Securi…

CVSS: 3.5 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-58813

Missing Authorization vulnerability in themearile Consultstreet consultstreet allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Consultstreet: from n/a throug…

CVSS: 4.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-58795

Missing Authorization vulnerability in Payoneer Checkout Payoneer Checkout payoneer-checkout allows Content Spoofing.This issue affects Payoneer Checkout: from n/a through <= 3.4.0.

CVSS: 4.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-58785

Missing Authorization vulnerability in Jiro Sasamoto Ray Enterprise Translation lingotek-translation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ray Ent…

CVSS: 5.4 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-58783

Missing Authorization vulnerability in gutentor Gutentor gutentor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gutentor: from n/a through <= 3.5.5.

CVSS: 4.3 CWE: CWE-862 - Missing Authorization View on NVD
2025-09-04
Medium

CVE-2022-39888

Improper access control vulnerability in retrieveExternalProxy in MiscPolicy prior to SMR Nov-2022 Release 1 allows local attacker to access to Proxy information.

CVSS: 4.3 CWE: N/A View on NVD
2025-09-03
Medium

CVE-2025-58639

Missing Authorization vulnerability in Ali Khallad Contact Form By Mega Forms mega-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form By Meg…

CVSS: 5.4 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-58635

Missing Authorization vulnerability in DevItems Support Genix support-genix-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Support Genix: from n/a thr…

CVSS: 5.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-58634

Missing Authorization vulnerability in peachpay PeachPay Payments peachpay-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PeachPay Payments…

CVSS: 5.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-58622

Missing Authorization vulnerability in yydevelopment Mobile Contact Line mobile-contact-line allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mobile Contact…

CVSS: 4.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-58617

Missing Authorization vulnerability in FAKTOR VIER F4 Media Taxonomies f4-media-taxonomies allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects F4 Media Taxonomi…

CVSS: 4.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-58616

Missing Authorization vulnerability in Frisbii Frisbii Pay reepay-checkout-gateway allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Frisbii Pay: from n/a thr…

CVSS: 6.5 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-58613

Missing Authorization vulnerability in Barn2 Plugins Posts Table with Search & Sort posts-data-table allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Posts T…

CVSS: 5.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-58606

Missing Authorization vulnerability in cozythemes SaasLauncher saaslauncher allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SaasLauncher: from n/a through <…

CVSS: 5.0 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-58603

Missing Authorization vulnerability in Surfer Surfer surferseo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Surfer: from n/a through <= 1.6.4.574.

CVSS: 5.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-58601

Missing Authorization vulnerability in RadiusTheme Classified Listing classified-listing allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Classified Listing:…

CVSS: 4.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-58600

Missing Authorization vulnerability in Cozmoslabs Paid Member Subscriptions paid-member-subscriptions allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Paid M…

CVSS: 5.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-58599

Missing Authorization vulnerability in tychesoftwares Order Delivery Date for WooCommerce order-delivery-date-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.T…

CVSS: 4.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-58594

Missing Authorization vulnerability in themefusecom Brizy brizy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Brizy: from n/a through <= 2.7.12.

CVSS: 4.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-3701

Missing Authorization vulnerability in Malcure Web Security Malcure Malware Scanner wp-malware-removal allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Malcu…

CVSS: 4.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-58210

Missing Authorization vulnerability in ThemeMove Makeaholic makeaholic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Makeaholic: from n/a through <= 1.8.5.

CVSS: 5.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-21037

Improper access control in Samsung Notes prior to version 4.4.30.63 allows physical attackers to access data across multiple user profiles. User interaction is required for triggering this vulnerabil…

CVSS: 4.1 CWE: N/A View on NVD
Medium

CVE-2025-21036

Improper access control in Samsung Notes prior to version 4.4.30.63 allows local privileged attackers to access exported note files. User interaction is required for triggering this vulnerability.

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2025-21035

Improper access control in Samsung Calendar prior to version 12.5.06.5 in Android 14 and 12.6.01.12 in Android 15 allows physical attackers to access data across multiple user profiles.

CVSS: 4.6 CWE: N/A View on NVD
Medium

CVE-2025-21033

Improper access control in ContactProvider prior to SMR Sep-2025 Release 1 allows local attackers to access sensitive information.

CVSS: 4.0 CWE: N/A View on NVD
Medium

CVE-2025-21032

Improper access control in One UI Home prior to SMR Sep-2025 Release 1 allows physical attackers to bypass Kiosk mode under limited conditions.

CVSS: 5.9 CWE: N/A View on NVD
Medium

CVE-2025-21031

Improper access control in ImsService prior to SMR Sep-2025 Release 1 allows local attackers to use the privileged APIs.

CVSS: 6.8 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2025-21025

Improper access control in MARsExemptionManager prior to SMR Sep-2025 Release 1 allows local attackers to be excluded from background execution management.

CVSS: 5.1 CWE: N/A View on NVD
Medium

CVE-2023-21483

Improper Access Control vulnerability in Galaxy Store prior to version 4.5.53.6 allows local attacker to access protected data using exported service.

CVSS: 6.4 CWE: N/A View on NVD
Medium

CVE-2023-21482

Missing authorization vulnerability in Camera prior to versions 11.1.02.18 in Android 11, 12.1.03.8 in Android 12 and 13.1.01.4 in Android 13 allows physical attackers to install package through Gal…

CVSS: 6.1 CWE: N/A View on NVD
Medium

CVE-2023-21471

Improper access control vulnerability in SemClipboard prior to SMR Apr-2023 Release 1 allows attackers to read arbitrary files with system permission.

CVSS: 4.0 CWE: CWE-287 - Improper Authentication View on NVD
Medium

CVE-2023-21470

Improper access control vulnerability in SLocation prior to SMR Apr-2022 Release 1 allows local attackers to get device location information using com.samsung.android.wifi.NETWORK_LOCATION action.

CVSS: 4.0 CWE: N/A View on NVD
Medium

CVE-2023-21469

Improper access control vulnerability in SLocation prior to SMR Apr-2022 Release 1 allows local attackers to get device location information using com.samsung.android.wifi.GEOFENCE action.

CVSS: 4.0 CWE: N/A View on NVD
Medium

CVE-2023-21468

Improper access control vulnerability in Telephony prior to SMR Apr-2023 Release 1 allows attackers to access files with escalated permission.

CVSS: 5.9 CWE: N/A View on NVD
2025-09-02
High

CVE-2025-6685

ATEN eco DC Missing Authorization Privilege Escalation Vulnerability. This vulnerability allows remote attackers to escalate privileges on affected installations of ATEN eco DC. Authentication is req…

CVSS: 8.8 CWE: CWE-862 - Missing Authorization View on NVD
2025-08-31
Critical

CVE-2024-32832

Missing Authorization vulnerability in Hamid Alinia Login with phone number login-with-phone-number.This issue affects Login with phone number: from n/a through <= 1.6.93.

CVSS: 9.8 CWE: CWE-862 - Missing Authorization View on NVD
High

CVE-2024-32589

Missing Authorization vulnerability in Dmitry V. (CEO of "UKR Solution") Barcode Scanner with Inventory & Order Manager barcode-scanner-lite-pos-to-manage-products-inventory-and-orders.This issue aff…

CVSS: 7.1 CWE: CWE-862 - Missing Authorization View on NVD
2025-08-30
Critical

CVE-2025-54943

A missing authorization vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to perform unauthorized application deployment due to the absence of proper a…

CVSS: 9.8 CWE: CWE-862 - Missing Authorization View on NVD
2025-08-28
Medium

CVE-2025-54734

Missing Authorization vulnerability in bPlugins B Slider b-slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects B Slider: from n/a through <= 1.1.30.

CVSS: 5.8 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-54733

Missing Authorization vulnerability in all_bootstrap_blocks All Bootstrap Blocks all-bootstrap-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects All Bo…

CVSS: 6.5 CWE: CWE-862 - Missing Authorization View on NVD
High

CVE-2025-54714

Missing Authorization vulnerability in Dylan James Zephyr Project Manager zephyr-project-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Zephyr Proj…

CVSS: 7.1 CWE: CWE-862 - Missing Authorization View on NVD
High

CVE-2025-54710

Missing Authorization vulnerability in bPlugins Tiktok Feed b-tiktok-feed allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Tiktok Feed: from n/a through <= 1.0.21.

CVSS: 7.1 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-53337

Missing Authorization vulnerability in Ashan Perera LifePress lifepress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LifePress: from n/a through <= 2.1.3.

CVSS: 5.4 CWE: CWE-862 - Missing Authorization View on NVD
High

CVE-2025-53230

Missing Authorization vulnerability in honzat Page Manager for Elementor page-manager-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Page Man…

CVSS: 7.6 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-48350

Missing Authorization vulnerability in Basar Ventures AutoWP autowp-ai-content-writer-rewriter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AutoWP: from…

CVSS: 4.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-48327

Missing Authorization vulnerability in inkthemes WP Mailgun SMTP wp-mailgun-smtp allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP Mailgun SMTP: from n/a through <…

CVSS: 5.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-7956

The Ajax Search Lite plugin for WordPress is vulnerable to Basic Information Exposure due to missing authorization in its AJAX search handler in all versions up to, and including, 4.13.1. This makes…

CVSS: 5.3 CWE: CWE-862 - Missing Authorization View on NVD
2025-08-27
Medium

CVE-2025-58201

Missing Authorization vulnerability in AfterShip & Automizely AfterShip Tracking aftership-woocommerce-tracking allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Afte…

CVSS: 5.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-58198

Missing Authorization vulnerability in Xpro Xpro Theme Builder xpro-theme-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Xpro Theme Builder: from n…

CVSS: 6.5 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-58193

Missing Authorization vulnerability in Uncanny Owl Uncanny Automator uncanny-automator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Uncanny Automator: fr…

CVSS: 4.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-58192

Missing Authorization vulnerability in Xylus Themes WP Bulk Delete wp-bulk-delete allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Bulk Delete: from n/a t…

CVSS: 4.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-20348

A vulnerability in the REST API endpoints of Cisco Nexus Dashboard and Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, low-privileged, remote attacker to view sensitive i…

CVSS: 5.0 CWE: CWE-201 - Insertion of Sensitive Information Into Sent Data View on NVD
Medium

CVE-2025-20347

A vulnerability in the REST API endpoints of Cisco Nexus Dashboard and Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, low-privileged, remote attacker to view sensitive i…

CVSS: 5.4 CWE: CWE-693 - Protection Mechanism Failure View on NVD
2025-08-26
High

CVE-2025-8424

Improper access control on the NetScaler Management Interface in NetScaler ADC and NetScaler Gateway when an attacker can get access to the appliance NSIP, Cluster Management IP or local GSLB Site IP…

CVSS: 8.7 CWE: CWE-1284 - Improper Validation of Specified Quantity in Input View on NVD
Medium

CVE-2025-48108

Missing Authorization vulnerability in Mojoomla School Management allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects School Management: from n/a through 93.2.0.

CVSS: 6.5 CWE: CWE-862 - Missing Authorization View on NVD
Low

CVE-2025-8447

An improper access control vulnerability was identified in GitHub Enterprise Server that allowed users with access to any repository to retrieve limited code content from another repository by creati…

CVSS: 3.1 CWE: CWE-639 - Authorization Bypass Through User-Controlled Key View on NVD
2025-08-25
Medium

CVE-2025-44178

DASAN GPON ONU H660WM H660WMR210825 is susceptible to improper access control under its default settings. Attackers can exploit this vulnerability to gain unauthorized access to sensitive information…

CVSS: 6.5 CWE: CWE-284 - Improper Access Control View on NVD
2025-08-22
Medium

CVE-2025-57896

Missing Authorization vulnerability in andy_moyle Church Admin church-admin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Church Admin: from n/a through <…

CVSS: 5.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-57894

Missing Authorization vulnerability in ollybach WPPizza wppizza allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPPizza: from n/a through <= 3.19.8.

CVSS: 4.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-57884

Missing Authorization vulnerability in wpsoul Greenshift greenshift-animation-and-page-builder-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Greens…

CVSS: 4.3 CWE: CWE-862 - Missing Authorization View on NVD
2025-08-21
Critical

CVE-2025-53763

Improper access control in Azure Databricks allows an unauthorized attacker to elevate privileges over a network.

CVSS: 9.8 CWE: CWE-284 - Improper Access Control View on NVD
High

CVE-2025-57755

claude-code-router is a powerful tool to route Claude Code requests to different models and customize any request. Due to improper Cross-Origin Resource Sharing (CORS) configuration, there is a risk…

CVSS: 8.1 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2025-27215

An Improper Access Control could allow a malicious actor authenticated in the API of certain UniFi Connect Display Cast devices to make unsupported changes to the system. Affected Products:…

CVSS: 8.1 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2025-27213

An Improper Access Control could allow a malicious actor authenticated in the API of certain UniFi Connect devices to enable Android Debug Bridge (ADB) and make unsupported changes to the system.…

CVSS: 4.9 CWE: CWE-863 - Incorrect Authorization View on NVD
2025-08-20
Medium

CVE-2025-50864

An Origin Validation Error in the elysia-cors library thru 1.3.0 allows attackers to bypass Cross-Origin Resource Sharing (CORS) restrictions. The library incorrectly validates the supplied origin by…

CVSS: 6.5 CWE: CWE-178 - Improper Handling of Case Sensitivity View on NVD
Medium

CVE-2025-57728

In JetBrains IntelliJ IDEA before 2025.2 improper access control allowed Code With Me guest to discover hidden files

CVSS: 6.5 CWE: CWE-863 - Incorrect Authorization View on NVD
Medium

CVE-2025-54040

Missing Authorization vulnerability in Webba Appointment Booking Webba Booking webba-booking-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Webba Book…

CVSS: 6.5 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-54025

Missing Authorization vulnerability in Elliot Sowersby / RelyWP Coupon Affiliates woo-coupon-usage allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Coupon Af…

CVSS: 6.5 CWE: CWE-862 - Missing Authorization View on NVD
High

CVE-2025-49406

Missing Authorization vulnerability in favethemes Houzez allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Houzez: from n/a through 4.1.1.

CVSS: 8.5 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-49396

Missing Authorization vulnerability in themifyme Themify Builder themify-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Themify Builder: from n/a t…

CVSS: 4.3 CWE: CWE-862 - Missing Authorization View on NVD
2025-08-19
High

CVE-2025-8450

Improper Access Control issue in the Workflow component of Fortra's FileCatalyst allows unauthenticated users to upload arbitrary files via the order forms page.

CVSS: 8.2 CWE: CWE-306 - Missing Authentication for Critical Function View on NVD
Medium

CVE-2025-51539

EzGED3 3.5.0 contains an unauthenticated arbitrary file read vulnerability due to improper access control and insufficient input validation in a script exposed via the web interface. A remote attacke…

CVSS: 5.3 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2025-50579

A CORS misconfiguration in Nginx Proxy Manager v2.12.3 allows unauthorized domains to access sensitive data, particularly JWT tokens, due to improper validation of the Origin header. This misconfigur…

CVSS: 5.3 CWE: CWE-1259 - Improper Restriction of Security Token Assignment View on NVD
High

CVE-2025-4046

A missing authorization vulnerability in Lexmark Cloud Services badge management allows attacker to reassign badges within their organization

CVSS: 8.5 CWE: CWE-862 - Missing Authorization View on NVD
2025-08-18
Medium

CVE-2025-27909

IBM Concert Software 1.0.0 through 1.1.0 uses cross-origin resource sharing (CORS) which could allow an attacker to carry out privileged actions as the domain name is not being limited to only truste…

CVSS: 5.4 CWE: CWE-942 - Permissive Cross-domain Security Policy with Untrusted Domains View on NVD
2025-08-16
Low

CVE-2017-20199

A vulnerability was found in Buttercup buttercup-browser-extension up to 0.14.2. Affected by this vulnerability is an unknown functionality of the component Vault Handler. The manipulation results in…

CVSS: 3.1 CWE: CWE-266 - Incorrect Privilege Assignment View on NVD
2025-08-15
Medium

CVE-2025-8996

Missing Authorization vulnerability in Drupal Layout Builder Advanced Permissions allows Forceful Browsing.This issue affects Layout Builder Advanced Permissions: from 0.0.0 before 2.2.0.

CVSS: 4.3 CWE: CWE-862 - Missing Authorization View on NVD
High

CVE-2025-8361

Missing Authorization vulnerability in Drupal Config Pages allows Forceful Browsing.This issue affects Config Pages: from 0.0.0 before 2.18.0.

CVSS: 7.6 CWE: CWE-962 View on NVD
Medium

CVE-2025-49432

Missing Authorization vulnerability in FWDesign Ultimate Video Player fwduvp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Video Player: from n/a…

CVSS: 5.3 CWE: CWE-862 - Missing Authorization View on NVD
2025-08-14
Medium

CVE-2025-55716

Missing Authorization vulnerability in VeronaLabs WP Statistics wp-statistics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Statistics: from n/a throug…

CVSS: 4.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-55712

Missing Authorization vulnerability in POSIMYTH The Plus Addons for Elementor Page Builder Lite the-plus-addons-for-elementor-page-builder allows Exploiting Incorrectly Configured Access Control Secu…

CVSS: 6.5 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-54739

Missing Authorization vulnerability in POSIMYTH Nexter Blocks the-plus-addons-for-block-editor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Nexter Blocks…

CVSS: 5.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-54730

Missing Authorization vulnerability in PARETO Digital Embedder for Google Reviews embedder-for-google-reviews allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Embedd…

CVSS: 5.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-54717

Missing Authorization vulnerability in e-plugins WP Membership wp-membership allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Membership: from n/a through…

CVSS: 5.4 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-54712

Missing Authorization vulnerability in hashthemes Easy Elementor Addons easy-elementor-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Elementor…

CVSS: 4.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-53343

Missing Authorization vulnerability in GoodLayers Modernize modernize allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Modernize: from n/a through <= 3.4.0.

CVSS: 4.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-53341

Missing Authorization vulnerability in Themovation App, SaaS & Software Startup Tech Theme - Stratus stratusx allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affect…

CVSS: 4.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-53221

Missing Authorization vulnerability in codeablepress CodeablePress codeablepress-simple-frontend-profile-picture-upload allows Exploiting Incorrectly Configured Access Control Security Levels.This is…

CVSS: 4.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-20302

A vulnerability in the web-based management interface of Cisco Secure FMC Software could allow an authenticated, low-privileged, remote attacker to retrieve a generated report from a different domain…

CVSS: 4.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-20301

A vulnerability in the web-based management interface of Cisco Secure FMC Software could allow an authenticated, low-privileged, remote attacker to access troubleshoot files for a different domain.…

CVSS: 6.5 CWE: CWE-862 - Missing Authorization View on NVD