2025-03-11 | CVE-2025-26660 | SAP Fiori applications using the posting library fail to properly configure security settings during the setup process, leaving them at default or inadequately defined. | 4.3 |
2025-03-11 | CVE-2025-27433 | The Manage Bank Statements in SAP S/4HANA allows an authenticated attacker to bypass certain functionality restrictions of the application and upload files to a reversed bank statement. | 4.3 |
2025-03-11 | CVE-2025-27436 | The Manage Bank Statements in SAP S/4HANA does not perform required access control checks for an authenticated user to confirm whether a request to interact with a resource is legitimate, allowing the attacker to delete the attachment of a posted bank statement. | 4.3 |
2025-03-08 | CVE-2024-12114 | Authorization Bypass Through User-Controlled Key vulnerability in Fooplugins Foogallery. The FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.4.29 via the foogallery_attachment_modal_save AJAX action due to missing validation on a user-controlled key (img_id). | 4.3 |
2025-03-05 | CVE-2024-11216 | Authorization Bypass Through User-Controlled Key, Exposure of Private Personal Information to an Unauthorized Actor vulnerability in PozitifIK Pik Online allows Account Footprinting, Session Hijacking. This issue affects Pik Online: through 05.03.2025. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 7.6 |
2025-02-28 | CVE-2024-13832 | Authorization Bypass Through User-Controlled Key vulnerability in Uncodethemes Ultra Addons Lite for Elementor. The Ultra Addons Lite for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.8 via the 'ut_elementor' shortcode due to insufficient restrictions on which posts can be included. | 4.3 |
2025-02-25 | CVE-2025-26977 | Authorization Bypass Through User-Controlled Key vulnerability in Ninjateam Filebird. Authorization Bypass Through User-Controlled Key vulnerability in Ninja Team Filebird allows Exploiting Incorrectly Configured Access Control Security Levels. | 7.2 |
2025-02-24 | CVE-2025-1607 | A vulnerability, which was classified as problematic, has been found in SourceCodester Best Employee Management System 1.0. | 4.3 |
2025-02-22 | CVE-2024-13873 | Authorization Bypass Through User-Controlled Key vulnerability in Wpjobportal WP JOB Portal. The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.8 via the deleteUserPhoto() function due to missing validation on a user-controlled key. | 4.3 |
2025-02-20 | CVE-2024-13855 | Authorization Bypass Through User-Controlled Key vulnerability in Nilambar Prime Addons for Elementor. The Prime Addons for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.1 via the pae_global_block shortcode due to missing validation on a user-controlled key. | 4.3 |