VUMETRIC
CYBER PORTAL
Vulnerabilities
> Improper Access Control
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-04-12 | CVE-2025-32726 | Improper access control in Visual Studio Code allows an authorized attacker to elevate privileges locally. | local, low complexity, CWE-284, 6.8 |
| 2025-04-08 | CVE-2025-27190 | Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. | network, low complexity, CWE-284, 5.3 |
| 2025-04-08 | CVE-2025-27191 | Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. | network, low complexity, CWE-284, 5.3 |
| 2025-04-08 | CVE-2025-30281 | ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. | network, low complexity, CWE-284, critical, 9.1 |
| 2025-04-08 | CVE-2025-27744 | Improper access control in Microsoft Office allows an authorized attacker to elevate privileges locally. | local, low complexity, CWE-284, 7.8 |
| 2025-04-08 | CVE-2025-29804 | Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally. | local, low complexity, CWE-284, 7.3 |
| 2025-04-08 | CVE-2025-26678 | Improper access control in Windows Defender Application Control (WDAC) allows an unauthorized attacker to bypass a security feature locally. | local, low complexity, CWE-284, 8.4 |
| 2025-04-07 | CVE-2025-21425 | Memory corruption may occur due to improper access control in HAB process. | local, low complexity, CWE-284, 7.3 |
| 2025-03-26 | CVE-2025-20230 | In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8, and versions below 3.8.38 and 3.7.23 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the "admin" or "power" Splunk roles could edit and delete other user data in App Key Value Store (KVStore) collections that the Splunk Secure Gateway app created. | network, low complexity, CWE-284, 4.3 |
| 2025-03-26 | CVE-2025-20229 | In Splunk Enterprise versions below 9.3.3, 9.2.5, and 9.1.8, and Splunk Cloud Platform versions below 9.3.2408.104, 9.2.2406.108, 9.2.2403.114, and 9.1.2312.208, a low-privileged user that does not hold the "admin" or "power" Splunk roles could perform a Remote Code Execution (RCE) through a file upload to the "$SPLUNK_HOME/var/run/splunk/apptemp" directory due to missing authorization checks. | network, low complexity, CWE-284, 8.0 |