Total
6211 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-32466 | 1 Tolgee | 1 Tolgee | 2025-09-11 | 2.7 Low |
| Tolgee is an open-source localization platform. For the `/v2/projects/translations` and `/v2/projects/{projectId}/translations` endpoints, translation data was returned even when API key was missing `translation.view` scope. However, it was impossible to fetch the data when user was missing this scope. So this is only relevant for API keys generated by users permitted to `translation.view`. This vulnerability is fixed in v3.57.2 | ||||
| CVE-2025-53825 | 1 Dokploy | 1 Dokploy | 2025-09-11 | 9.4 Critical |
| Dokploy is a free, self-hostable Platform as a Service (PaaS). Prior to version 0.24.3, an unauthenticated preview deployment vulnerability in Dokploy allows any user to execute arbitrary code and access sensitive environment variables by simply opening a pull request on a public repository. This exposes secrets and potentially enables remote code execution, putting all public Dokploy users using these preview deployments at risk. Version 0.24.3 contains a fix for the issue. | ||||
| CVE-2025-39553 | 1 Wordpress | 1 Wordpress | 2025-09-11 | 4.3 Medium |
| Missing Authorization vulnerability in andy_moyle Church Admin. This issue affects Church Admin: from n/a through 5.0.9. | ||||
| CVE-2025-39541 | 1 Wordpress | 1 Wordpress | 2025-09-11 | 6.5 Medium |
| Missing Authorization vulnerability in Roland Murg WP Simple Booking Calendar. This issue affects WP Simple Booking Calendar: from n/a through 2.0.13. | ||||
| CVE-2025-53340 | 2 Getawesomesupport, Wordpress | 2 Awesome Support, Wordpress | 2025-09-11 | 5.3 Medium |
| Missing Authorization vulnerability in awesomesupport Awesome Support. This issue affects Awesome Support: from n/a through 6.3.4. | ||||
| CVE-2025-53291 | 1 Wordpress | 1 Wordpress | 2025-09-11 | 5.4 Medium |
| Missing Authorization vulnerability in spoddev2021 Spreadconnect. This issue affects Spreadconnect: from n/a through 2.1.5. | ||||
| CVE-2025-53348 | 2 Laborator, Wordpress | 2 Kalium, Wordpress | 2025-09-11 | 5.3 Medium |
| Missing Authorization vulnerability in Laborator Kalium. This issue affects Kalium: from n/a through 3.18.3. | ||||
| CVE-2025-49860 | 2 Majesticsupport, Wordpress | 2 Majestic Support, Wordpress | 2025-09-11 | 5.3 Medium |
| Missing Authorization vulnerability in Majestic Support Majestic Support. This issue affects Majestic Support: from n/a through 1.1.0. | ||||
| CVE-2025-58978 | 2 Wordpress, Wpswings | 2 Wordpress, Pdf Generator For Wordpress | 2025-09-11 | 5.3 Medium |
| Missing Authorization vulnerability in WP Swings PDF Generator for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PDF Generator for WordPress: from n/a through 1.5.4. | ||||
| CVE-2025-58980 | 2 Myrecorp, Wordpress | 2 Export Wp Page To Static Html/css, Wordpress | 2025-09-11 | 5.3 Medium |
| Missing Authorization vulnerability in recorp Export WP Page to Static HTML/CSS allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Export WP Page to Static HTML/CSS: from n/a through 4.1.0. | ||||
| CVE-2025-59005 | 2 Frenify, Wordpress | 2 Categorify, Wordpress | 2025-09-11 | 4.3 Medium |
| Missing Authorization vulnerability in frenify Categorify allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Categorify: from n/a through 1.0.7.5. | ||||
| CVE-2025-58976 | 1 Wordpress | 1 Wordpress | 2025-09-11 | 4.3 Medium |
| Missing Authorization vulnerability in Equalize Digital Accessibility Checker by Equalize Digital allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Accessibility Checker by Equalize Digital: from n/a through 1.31.0. | ||||
| CVE-2025-58981 | 1 Wordpress | 1 Wordpress | 2025-09-11 | 5.4 Medium |
| Missing Authorization vulnerability in Equalize Digital Accessibility Checker by Equalize Digital allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Accessibility Checker by Equalize Digital: from n/a through 1.31.0. | ||||
| CVE-2025-58979 | 2 Berqier, Wordpress | 2 Berqwp, Wordpress | 2025-09-11 | 5.3 Medium |
| Missing Authorization vulnerability in BerqWP BerqWP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects BerqWP: from n/a through 2.2.53. | ||||
| CVE-2025-8778 | 2 Nitropack, Wordpress | 2 Nitropack, Wordpress | 2025-09-11 | 4.3 Medium |
| The NitroPack plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the nitropack_set_compression_ajax() function in all versions up to, and including, 1.18.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the nitropack-enableCompression option and effectively change plugin compression settings. | ||||
| CVE-2025-9979 | 1 Wordpress | 1 Wordpress | 2025-09-11 | 4.3 Medium |
| The Maspik plugin for WordPress is vulnerable to Missing Authorization in version 2.5.6 and prior. This is due to missing capability checks on the Maspik_spamlog_download_csv function. This makes it possible for authenticated attackers, with subscriber-level access and above, to export and download the spam log database containing blocked submission attempts, which may include misclassified but legitimate submissions with sensitive data. | ||||
| CVE-2025-10040 | 2025-09-11 | 7.7 High | ||
| The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_ftp_details' AJAX action in all versions up to, and including, 7.27. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve a configured set of SFTP/FTP credentials. | ||||
| CVE-2025-57817 | 1 Ethyca | 1 Fides | 2025-09-10 | 7.2 High |
| Fides is an open-source privacy engineering platform. Prior to version 2.69.1, the OAuth client creation and update endpoints of the Fides Webserver API do not properly authorize scope assignment. This allows highly privileged users with `client:create` or `client:update` permissions to escalate their privileges to owner-level. Version 2.69.1 fixes the issue. No known workarounds are available. | ||||
| CVE-2025-59017 | 1 Typo3 | 1 Typo3 | 2025-09-10 | 8.8 High |
| Missing authorization checks in the Backend Routing of TYPO3 CMS versions 9.0.0‑9.5.54, 10.0.0‑10.4.53, 11.0.0‑11.5.47, 12.0.0‑12.4.36, and 13.0.0‑13.4.17 allow backend users to directly invoke AJAX backend routes without having access to the corresponding backend modules. | ||||
| CVE-2025-42917 | 1 Sap | 1 Fiori | 2025-09-10 | 6.5 Medium |
| SAP HCM Approve Timesheets Fiori 2.0 application does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This issue has a significant impact on the application's integrity, while confidentiality and availability remain unaffected. | ||||