| 2025-05-07 | CVE-2025-20164 | A vulnerability in the Cisco Industrial Ethernet Switch Device Manager (DM) of Cisco IOS Software could allow an authenticated, remote attacker to elevate privileges. This vulnerability is due to insufficient validation of authorizations for authenticated users. | 8.3 |
| 2025-05-07 | CVE-2025-47612 | Missing Authorization vulnerability in Flowdee Clickwhale
Missing Authorization vulnerability in flowdee ClickWhale allows Exploiting Incorrectly Configured Access Control Security Levels. | 8.8 |
| 2025-05-07 | CVE-2025-47628 | Missing Authorization vulnerability in Quomodosoft QS Dark Mode
Missing Authorization vulnerability in quomodosoft QS Dark Mode allows Exploiting Incorrectly Configured Access Control Security Levels. | 8.8 |
| 2025-05-07 | CVE-2025-47688 | Missing Authorization vulnerability in Advancedfilemanager Advanced File Manager
Missing Authorization vulnerability in Saad Iqbal Advanced File Manager allows Exploiting Incorrectly Configured Access Control Security Levels. | 9.8 |
| 2025-05-07 | CVE-2025-3766 | The Login Lockdown & Protection plugin for WordPress is vulnerable to unauthorized nonce access due to a missing capability check on the ajax_run_tool function in all versions up to, and including, 2.11. | 5.4 |
| 2025-05-07 | CVE-2025-2821 | The Search Exclude plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the get_rest_permission function in all versions up to, and including, 2.4.9. | 5.3 |
| 2025-05-06 | CVE-2025-0856 | The PGS Core plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 5.8.0. | 7.3 |
| 2025-05-05 | CVE-2025-4282 | Missing Authorization vulnerability in Oretnom23 Stock Management System 1.0
A vulnerability has been found in SourceCodester/oretnom23 Stock Management System 1.0 and classified as problematic. | 8.8 |
| 2025-05-02 | CVE-2024-13419 | Missing Authorization vulnerability in G5Plus products
Multiple plugins and/or themes for WordPress using Smart Framework are vulnerable to Stored Cross-Site Scripting due to a missing capability check on the saveOptions() and importThemeOptions() functions in various versions. | 5.4 |
| 2025-05-02 | CVE-2025-1326 | Missing Authorization vulnerability in Favethemes Homey
The Homey theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the homey_reservation_del() function in all versions up to, and including, 2.4.4. | 4.3 |