2025-05-06 | CVE-2025-3609 | The Reales WP STPT plugin for WordPress is vulnerable to unauthorized user registration in all versions up to, and including, 2.1.2. | 5.3 |
2025-04-25 | CVE-2025-3861 | The Prevent Direct Access – Protect WordPress Files plugin for WordPress is vulnerable to unauthorized access and modification of data due to a misconfigured capability check on the 'pda_lite_custom_permission_check' function in versions 2.8.6 to 2.8.8.2. | 5.4 |
2025-04-23 | CVE-2024-10306 | A vulnerability was found in mod_proxy_cluster. | 5.4 |
2025-04-20 | CVE-2025-43921 | Incorrect Authorization vulnerability in GNU Mailman. GNU Mailman 2.1.39, as bundled in cPanel (and WHM), allows unauthenticated attackers to create lists via the /mailman/create endpoint. | 5.3 |
2025-04-18 | CVE-2025-32796 | Incorrect Authorization vulnerability in Langgenius Dify. Dify is an open-source LLM app development platform. | 6.5 |
2025-04-18 | CVE-2024-49808 | IBM Sterling Connect:Direct Web Services 6.1.0, 6.2.0, and 6.3.0 could allow an authenticated user to spoof the identity of another user due to improper authorization which could allow the user to bypass access restrictions. | 6.3 |
2025-04-17 | CVE-2025-3453 | The Password Protected – Password Protect your WordPress Site, Pages, & WooCommerce Products – Restrict Content, Protect WooCommerce Category and more plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.7.7 via the 'password_protected_cookie' function. | 5.3 |
2025-04-08 | CVE-2025-31331 | SAP NetWeaver allows an attacker to bypass authorization checks, enabling them to view portions of ABAP code that would normally require additional validation. | 4.3 |
2025-03-21 | CVE-2025-24920 | Incorrect Authorization vulnerability in Mattermost Server. Mattermost versions 10.4.x <= 10.4.2, 10.3.x <= 10.3.3, 9.11.x <= 9.11.8, 10.5.x <= 10.5.0 fail to restrict bookmark creation and updates in archived channels, which allows authenticated users to create or update bookmarks in archived channels. | 4.3 |
2025-03-21 | CVE-2025-27715 | Incorrect Authorization vulnerability in Mattermost Server. Mattermost versions 9.11.x <= 9.11.8 fail to prompt for explicit approval before adding a team admin to a private channel, which allows team admins to join private channels via crafted permalink links without explicit consent from them. | 2.7 |