| 2025-03-26 | CVE-2025-20230 | In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8, and versions below 3.8.38 and 3.7.23 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could edit and delete other user data in App Key Value Store (KVStore) collections that the Splunk Secure Gateway app created. | 4.3 |
| 2025-03-26 | CVE-2025-20229 | In Splunk Enterprise versions below 9.3.3, 9.2.5, and 9.1.8, and Splunk Cloud Platform versions below 9.3.2408.104, 9.2.2406.108, 9.2.2403.114, and 9.1.2312.208, a low-privileged user that does not hold the "admin" or "power" Splunk roles could perform a Remote Code Execution (RCE) through a file upload to the "$SPLUNK_HOME/var/run/splunk/apptemp" directory due to missing authorization checks. | 8.0 |
| 2025-03-16 | CVE-2025-2348 | A vulnerability was found in IROAD Dash Cam FX2 up to 20250308. | 4.3 |
| 2025-03-12 | CVE-2025-20144 | A vulnerability in the hybrid access control list (ACL) processing of IPv4 packets in Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to incorrect handling of packets when a specific configuration of the hybrid ACL exists. | 4.0 |
| 2025-03-12 | CVE-2024-13430 | Improper Access Control vulnerability in Pagelayer
The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.9.8 via the 'pagelayer_builder_posts_shortcode' function due to insufficient restrictions on which posts can be included. | 4.3 |
| 2025-03-11 | CVE-2025-24076 | Improper access control in Windows Cross Device Service allows an authorized attacker to elevate privileges locally. | 7.3 |
| 2025-03-11 | CVE-2025-24994 | Improper access control in Windows Cross Device Service allows an authorized attacker to elevate privileges locally. | 7.3 |
| 2025-03-07 | CVE-2024-13635 | The VK Blocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.94.2.2 via the page content block. | 4.3 |
| 2025-03-03 | CVE-2024-51954 | Improper Access Control vulnerability in Esri Arcgis Server 10.9.1/11.1
There is an improper access control issue in ArcGIS Server versions 10.9.1 through 11.3 on Windows and Linux, which under unique circumstances, could potentially allow a remote, low privileged authenticated attacker to access secure services published a standalone (Unfederated) ArcGIS Server instance. If successful this compromise would have a high impact on Confidentiality, low impact on integrity and no impact to availability of the software. | 7.1 |
| 2025-02-25 | CVE-2024-13693 | Improper Access Control vulnerability in Kriesi Enfold
The Enfold theme for WordPress is vulnerable to unauthorized access of data due to a missing capability check in avia-export-class.php in all versions up to, and including, 6.0.9. | 5.3 |