Vulnerabilities > Improper Access Control

DATE	CVE	VULNERABILITY TITLE	RISK
2025-03-26	CVE-2025-20230	In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8, and versions below 3.8.38 and 3.7.23 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could edit and delete other user data in App Key Value Store (KVStore) collections that the Splunk Secure Gateway app created. network low complexity CWE-284	4.3
2025-03-26	CVE-2025-20229	In Splunk Enterprise versions below 9.3.3, 9.2.5, and 9.1.8, and Splunk Cloud Platform versions below 9.3.2408.104, 9.2.2406.108, 9.2.2403.114, and 9.1.2312.208, a low-privileged user that does not hold the "admin" or "power" Splunk roles could perform a Remote Code Execution (RCE) through a file upload to the "$SPLUNK_HOME/var/run/splunk/apptemp" directory due to missing authorization checks. network low complexity CWE-284	8.0
2025-03-16	CVE-2025-2348	A vulnerability was found in IROAD Dash Cam FX2 up to 20250308. low complexity CWE-284	4.3
2025-03-12	CVE-2025-20144	A vulnerability in the hybrid access control list (ACL) processing of IPv4 packets in Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to incorrect handling of packets when a specific configuration of the hybrid ACL exists. network high complexity CWE-284	4.0
2025-03-12	CVE-2024-13430	The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.9.8 via the 'pagelayer_builder_posts_shortcode' function due to insufficient restrictions on which posts can be included. network low complexity CWE-284	4.3
2025-03-11	CVE-2025-24076	Improper access control in Windows Cross Device Service allows an authorized attacker to elevate privileges locally. local low complexity CWE-284	7.3
2025-03-11	CVE-2025-24994	Improper access control in Windows Cross Device Service allows an authorized attacker to elevate privileges locally. local low complexity CWE-284	7.3
2025-03-07	CVE-2024-13635	The VK Blocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.94.2.2 via the page content block. network low complexity CWE-284	4.3
2025-03-03	CVE-2024-51954	Improper Access Control vulnerability in Esri Arcgis Server 10.9.1/11.1 There is an improper access control issue in ArcGIS Server versions 10.9.1 through 11.3 on Windows and Linux, which under unique circumstances, could potentially allow a remote, low privileged authenticated attacker to access secure services published a standalone (Unfederated) ArcGIS Server instance. If successful this compromise would have a high impact on Confidentiality, low impact on integrity and no impact to availability of the software. network low complexity esri CWE-284	7.1
2025-02-25	CVE-2024-13693	Improper Access Control vulnerability in Kriesi Enfold The Enfold theme for WordPress is vulnerable to unauthorized access of data due to a missing capability check in avia-export-class.php in all versions up to, and including, 6.0.9. network low complexity kriesi CWE-284	5.3

Vulnerabilities > Improper Access Control {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Improper Access Control"}]}

Vulnerabilities > Improper Access Control