Vulnerabilities (CVE)

Filtered by CWE-862
Total 4980 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-53108 2025-07-03 N/A N/A
HomeBox is a home inventory and organization system. Prior to 0.20.1, HomeBox contains a missing authorization check in the API endpoints responsible for updating and deleting inventory item attachments. This flaw allows authenticated users to perform unauthorized actions on inventory item attachments that they do not own. This issue could lead to unauthorized data manipulation or loss of critical inventory data. This issue has been patched in version 0.20.1. There are no workarounds, users must upgrade.
CVE-2025-3702 2025-07-03 N/A 5.4 MEDIUM
Missing Authorization vulnerability in Melapress Melapress File Monitor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Melapress File Monitor: from n/a before 2.2.0.
CVE-2025-27461 2025-07-03 N/A 7.6 HIGH
During startup, the device automatically logs in the EPC2 Windows user without requesting a password.
CVE-2025-39362 2025-07-03 N/A 6.5 MEDIUM
Missing Authorization vulnerability in Mollie Mollie Payments for WooCommerce.This issue affects Mollie Payments for WooCommerce: from n/a through 8.0.2.
CVE-2023-4104 1 Mozilla 1 Vpn 2025-07-03 N/A 5.5 MEDIUM
An invalid Polkit Authentication check and missing authentication requirements for D-Bus methods allowed any local user to configure arbitrary VPN setups. *This bug only affects Mozilla VPN on Linux. Other operating systems are unaffected.* This vulnerability affects Mozilla VPN 2.16.1 < (Linux).
CVE-2025-47560 2025-07-03 N/A 5.0 MEDIUM
Missing Authorization vulnerability in PT Norther Lights Production MapSVG allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MapSVG: from n/a before 8.6.13.
CVE-2025-47558 2025-07-03 N/A 7.5 HIGH
Missing Authorization vulnerability in PT Norther Lights Production MapSVG allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects MapSVG: from n/a before 8.6.13.
CVE-2024-10762 1 Lunary 1 Lunary 2025-07-02 N/A 8.1 HIGH
In lunary-ai/lunary before version 1.5.9, the /v1/evaluators/ endpoint allows users to delete evaluators of a project by sending a DELETE request. However, the route lacks proper access control, such as middleware to ensure that only users with appropriate roles can delete evaluator data. This vulnerability allows low-privilege users to delete evaluators data, causing permanent data loss and potentially hindering operations.
CVE-2025-1074 1 Webkul 1 Qloapps 2025-07-02 5.0 MEDIUM 4.3 MEDIUM
A vulnerability, which was classified as problematic, was found in Webkul QloApps 1.6.1. Affected is the function logout of the file /en/?mylogout of the component URL Handler. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure. They are aware about it and are working on resolving it.
CVE-2024-13203 1 Kurniaramadhan 1 E-commerce-php 2025-07-02 5.0 MEDIUM 4.3 MEDIUM
A vulnerability was found in kurniaramadhan E-Commerce-PHP 1.0. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-0526 2 Microsoft, Octopus 2 Windows, Octopus Server 2025-07-02 N/A 5.4 MEDIUM
In affected versions of Octopus Deploy it was possible to upload files to unexpected locations on the host using an API endpoint. The field lacked validation which could potentially result in ways to circumvent expected workflows.
CVE-2024-31368 1 Pencidesign 1 Soledad 2025-07-02 N/A 6.5 MEDIUM
Missing Authorization vulnerability in PenciDesign Soledad.This issue affects Soledad: from n/a through 8.4.2.
CVE-2024-31367 1 Pencidesign 1 Soledad 2025-07-02 N/A 7.1 HIGH
Missing Authorization vulnerability in PenciDesign Soledad.This issue affects Soledad: from n/a through 8.4.2.
CVE-2025-6864 1 Seacms 1 Seacms 2025-07-01 5.0 MEDIUM 4.3 MEDIUM
A vulnerability, which was classified as problematic, has been found in SeaCMS up to 13.2. Affected by this issue is some unknown functionality of the file /admin_type.php. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-6865 1 Daicuo 1 Daicuo 2025-07-01 5.0 MEDIUM 4.3 MEDIUM
A vulnerability, which was classified as problematic, was found in DaiCuo up to 1.3.13. This affects an unknown part of the file /admin.php/addon/index. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2022-38057 1 Themehunk 1 Th Advance Product Search 2025-06-30 N/A 6.5 MEDIUM
Missing Authorization vulnerability in ThemeHunk Advance WordPress Search Plugin.This issue affects Advance WordPress Search Plugin: from n/a through 1.2.1.
CVE-2025-52818 2025-06-30 N/A 8.2 HIGH
Missing Authorization vulnerability in Dejan Jasnic Trusty Whistleblowing allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Trusty Whistleblowing: from n/a through 1.5.2.
CVE-2025-52817 2025-06-30 N/A 8.2 HIGH
Missing Authorization vulnerability in ZealousWeb Abandoned Contact Form 7 allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Abandoned Contact Form 7: from n/a through 2.0.
CVE-2025-53266 2025-06-30 N/A 4.3 MEDIUM
Missing Authorization vulnerability in EdwardBock Cron Logger allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cron Logger: from n/a through 1.3.0.
CVE-2025-53200 2025-06-30 N/A 4.3 MEDIUM
Missing Authorization vulnerability in QuantumCloud ChatBot allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ChatBot: from n/a through 6.7.3.