Latest CVE Feed
-
4.3
MEDIUMCVE-2025-63038
Missing Authorization vulnerability in Northern Beaches Websites WP Custom Admin Interface allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Custom Admin Interface: from n/a through 7.40.... Read more
Affected Products : wp_custom_admin_interface- Published: Dec. 31, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2025-62874
Missing Authorization vulnerability in Alexander AnyComment allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AnyComment: from n/a through 0.3.6.... Read more
Affected Products : anycomment- Published: Dec. 31, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2025-68995
Missing Authorization vulnerability in Gal Dubinski My Sticky Elements mystickyelements allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects My Sticky Elements: from n/a through <= 2.3.3.... Read more
Affected Products : mystickyelements- Published: Dec. 30, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2025-62734
Cross-Site Request Forgery (CSRF) vulnerability in Michael Revellin-Clerc Media Library Downloader media-library-downloader allows Cross Site Request Forgery.This issue affects Media Library Downloader: from n/a through <= 1.4.0.... Read more
Affected Products :- Published: Dec. 09, 2025
- Modified: Dec. 10, 2025
- Vuln Type: Cross-Site Request Forgery
-
4.3
MEDIUMCVE-2025-36229
IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 could allow authenticated users to enumerate sensitive information of data due by enumerating package identifiers.... Read more
- Published: Dec. 26, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Information Disclosure
-
4.3
MEDIUMCVE-2025-63077
Missing Authorization vulnerability in HappyMonster Happy Addons for Elementor happy-elementor-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Happy Addons for Elementor: from n/a through <= 3.20.2.... Read more
Affected Products :- Published: Dec. 09, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2025-59130
Cross-Site Request Forgery (CSRF) vulnerability in Appointify allows Cross Site Request Forgery.This issue affects Appointify: from n/a through 1.0.8.... Read more
Affected Products :- Published: Dec. 31, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Cross-Site Request Forgery
-
4.3
MEDIUMCVE-2025-49356
Missing Authorization vulnerability in Mykola Lukin Orders Chat for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Orders Chat for WooCommerce: from n/a through 1.2.0.... Read more
Affected Products :- Published: Dec. 31, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2025-63025
Missing Authorization vulnerability in Xagio SEO Xagio SEO xagio-seo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Xagio SEO: from n/a through <= 7.1.0.29.... Read more
Affected Products :- Published: Dec. 09, 2025
- Modified: Dec. 10, 2025
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2025-14465
The Sticky Action Buttons plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the sabs_options_page_form_submit() function. This makes it possi... Read more
Affected Products :- Published: Jan. 07, 2026
- Modified: Jan. 07, 2026
- Vuln Type: Cross-Site Request Forgery
-
4.3
MEDIUMCVE-2025-67637
Jenkins 2.540 and earlier, LTS 2.528.2 and earlier stores build authorization tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller fil... Read more
Affected Products : jenkins- Published: Dec. 10, 2025
- Modified: Dec. 17, 2025
- Vuln Type: Information Disclosure
-
4.3
MEDIUMCVE-2025-67638
Jenkins 2.540 and earlier, LTS 2.528.2 and earlier does not mask build authorization tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them.... Read more
Affected Products : jenkins- Published: Dec. 10, 2025
- Modified: Dec. 17, 2025
- Vuln Type: Information Disclosure
-
4.3
MEDIUMCVE-2025-69327
Missing Authorization vulnerability in magepeopleteam Car Rental Manager car-rental-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Car Rental Manager: from n/a through <= 1.0.9.... Read more
Affected Products :- Published: Jan. 06, 2026
- Modified: Jan. 06, 2026
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2025-68422
Improper Authorization (CWE-285) in Kibana can lead to privilege escalation (CAPEC-233) by allowing an authenticated user to bypass intended permission restrictions via a crafted HTTP request. This allows an attacker who lacks the live queries - read perm... Read more
Affected Products : kibana- Published: Dec. 18, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2025-62154
Missing Authorization vulnerability in Recorp AI Content Writing Assistant (Content Writer, ChatGPT, Image Generator) All in One allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AI Content Writing Assistant (Conte... Read more
Affected Products : ai_content_writing_assistant- Published: Dec. 31, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2022-47425
Missing Authorization vulnerability in Repute Infosystems ARMember allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ARMember: from n/a through 3.4.10.... Read more
Affected Products : armember- Published: Dec. 09, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2025-14164
The Quran Gateway plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing nonce validation in the quran_gateway_options function. This makes it possible for unauthenticated attacke... Read more
Affected Products :- Published: Dec. 20, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Cross-Site Request Forgery
-
4.3
MEDIUMCVE-2025-12030
The ACF to REST API plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.3.4. This is due to insufficient capability checks in the update_item_permissions_check() method, which only verifies that t... Read more
Affected Products :- Published: Jan. 07, 2026
- Modified: Jan. 07, 2026
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2025-67642
Jenkins HashiCorp Vault Plugin 371.v884a_4dd60fb_6 and earlier does not set the appropriate context for Vault credentials lookup, allowing attackers with Item/Configure permission to access and potentially capture Vault credentials they are not entitled t... Read more
Affected Products : hashicorp_vault- Published: Dec. 10, 2025
- Modified: Dec. 17, 2025
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2025-15237
QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a Path Traversal vulnerability, allowing authenticated remote attackers to read folder names under the specified path by exploiting an Absolute Path Traversal vulnerability.... Read more
Affected Products :- Published: Jan. 05, 2026
- Modified: Jan. 05, 2026
- Vuln Type: Path Traversal