Latest CVE Feed
-
4.3
MEDIUMCVE-2025-62072
Missing Authorization vulnerability in Rustaurius Front End Users front-end-only-users.This issue affects Front End Users: from n/a through <= 3.2.33.... Read more
Affected Products : front_end_users- Published: Oct. 22, 2025
- Modified: Nov. 13, 2025
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2025-12847
The All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic plugin for WordPress is vulnerable to unauthorized arbitrary media attachment deletion due to a missing authorization check in all versions up to, and including, 4.8.9. This... Read more
Affected Products : all_in_one_seo- Published: Nov. 15, 2025
- Modified: Nov. 15, 2025
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2025-62052
Missing Authorization vulnerability in Horea Radu One Page Express Companion one-page-express-companion.This issue affects One Page Express Companion: from n/a through <= 1.6.43.... Read more
Affected Products : one_page_express_companion- Published: Oct. 22, 2025
- Modified: Nov. 13, 2025
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2025-11887
The Supervisor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several AJAX functions in all versions up to, and including, 1.3.2. This makes it possible for authenticated attackers, with Subscr... Read more
Affected Products :- Published: Oct. 24, 2025
- Modified: Oct. 27, 2025
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2025-12366
The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.5 via the pagelayer_replace_page function due to missing validation on a user cont... Read more
Affected Products : pagelayer- Published: Nov. 13, 2025
- Modified: Nov. 14, 2025
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2025-36091
IBM Cloud Pak For Business Automation 25.0.0, 24.0.1, and 24.0.0 could allow an authenticated user to cause dashboards to become inaccessible to legitimate users due to invalid ownership assignment.... Read more
Affected Products : cloud_pak_for_business_automation- Published: Nov. 03, 2025
- Modified: Nov. 05, 2025
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2025-12582
The Features plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'features_revert_option AJAX endpoint in all versions up to, and including, 0.0.2. This makes it possible for authenticated attac... Read more
Affected Products :- Published: Nov. 05, 2025
- Modified: Nov. 06, 2025
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2025-62393
A flaw was found in the course overview output function where user access permissions were not fully enforced. This could allow unauthorized users to view information about courses they should not have access to, potentially exposing limited course detail... Read more
Affected Products : moodle- Published: Oct. 23, 2025
- Modified: Nov. 14, 2025
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2025-64267
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPSwings WooCommerce Ultimate Points And Rewards woocommerce-ultimate-points-and-rewards allows Retrieve Embedded Sensitive Data.This issue affects WooCommerce Ult... Read more
Affected Products :- Published: Nov. 13, 2025
- Modified: Nov. 14, 2025
- Vuln Type: Information Disclosure
-
4.3
MEDIUMCVE-2025-62070
Missing Authorization vulnerability in WPXPO WowRevenue revenue.This issue affects WowRevenue: from n/a through <= 1.2.13.... Read more
Affected Products :- Published: Oct. 22, 2025
- Modified: Nov. 13, 2025
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2025-62395
A flaw in the cohort search web service allowed users with permissions in lower contexts to access cohort information from the system context, revealing restricted administrative data.... Read more
Affected Products : moodle- Published: Oct. 23, 2025
- Modified: Nov. 14, 2025
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2025-62978
Missing Authorization vulnerability in Kiotviet KiotViet Sync kiotvietsync allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects KiotViet Sync: from n/a through <= 1.8.5.... Read more
Affected Products :- Published: Oct. 27, 2025
- Modified: Nov. 13, 2025
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2025-43493
The issue was addressed with improved checks. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. Visiting a malicious website may lead to address bar spoofing.... Read more
- Published: Nov. 04, 2025
- Modified: Nov. 05, 2025
- Vuln Type: Misconfiguration
-
4.3
MEDIUMCVE-2025-64356
Missing Authorization vulnerability in f1logic Insert PHP Code Snippet insert-php-code-snippet allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Insert PHP Code Snippet: from n/a through <= 1.4.3.... Read more
Affected Products : insert_php_code_snippet- Published: Oct. 31, 2025
- Modified: Nov. 13, 2025
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2025-12443
Out of bounds read in WebXR in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)... Read more
- Published: Nov. 10, 2025
- Modified: Nov. 13, 2025
- Vuln Type: Memory Corruption
-
4.3
MEDIUMCVE-2025-64143
Jenkins OpenShift Pipeline Plugin 1.0.57 and earlier stores authorization tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission, or access to the Jenkins controller file s... Read more
Affected Products : openshift_pipeline- Published: Oct. 29, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Information Disclosure
-
4.3
MEDIUMCVE-2025-64142
A missing permission check in Jenkins Nexus Task Runner Plugin 0.9.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials.... Read more
Affected Products : nexus_task_runner- Published: Oct. 29, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2025-64269
Missing Authorization vulnerability in EDGARROJAS WooCommerce PDF Invoice Builder woo-pdf-invoice-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce PDF Invoice Builder: from n/a through <= 1.2.1... Read more
Affected Products :- Published: Nov. 13, 2025
- Modified: Nov. 14, 2025
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2024-13178
Inappropriate implementation in Fullscreen in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)... Read more
Affected Products : chrome- Published: Nov. 14, 2025
- Modified: Nov. 14, 2025
- Vuln Type: Misconfiguration
-
4.3
MEDIUMCVE-2025-20346
A vulnerability in Cisco Catalyst Center could allow an authenticated, remote attacker to execute operations that should require Administrator privileges. The attacker would need valid read-only user credentials. This vulnerability is due to improper r... Read more
Affected Products : catalyst_center- Published: Nov. 13, 2025
- Modified: Nov. 14, 2025
- Vuln Type: Authorization