Vulnerabilities > Improper Access Control

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-04-12 | CVE-2025-32726 | Improper access control in Visual Studio Code allows an authorized attacker to elevate privileges locally. | local, low complexity, CWE-284, 6.8 |
| 2025-04-08 | CVE-2025-27190 | Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. | network, low complexity, CWE-284, 5.3 |
| 2025-04-08 | CVE-2025-27191 | Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. | network, low complexity, CWE-284, 5.3 |
| 2025-04-08 | CVE-2025-30281 | ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. | network, low complexity, CWE-284, critical, 9.1 |
| 2025-04-08 | CVE-2025-27744 | Improper access control in Microsoft Office allows an authorized attacker to elevate privileges locally. | local, low complexity, CWE-284, 7.8 |
| 2025-04-08 | CVE-2025-29804 | Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally. | local, low complexity, CWE-284, 7.3 |
| 2025-04-08 | CVE-2025-26678 | Improper access control in Windows Defender Application Control (WDAC) allows an unauthorized attacker to bypass a security feature locally. | local, low complexity, CWE-284, 8.4 |
| 2025-04-07 | CVE-2025-21425 | Memory corruption may occur due to improper access control in HAB process. | local, low complexity, CWE-284, 7.3 |
| 2025-03-26 | CVE-2025-20230 | In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8, and versions below 3.8.38 and 3.7.23 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the “admin” or “power” Splunk roles could edit and delete other user data in App Key Value Store (KVStore) collections that the Splunk Secure Gateway app created. | network, low complexity, CWE-284, 4.3 |
| 2025-03-26 | CVE-2025-20229 | In Splunk Enterprise versions below 9.3.3, 9.2.5, and 9.1.8, and Splunk Cloud Platform versions below 9.3.2408.104, 9.2.2406.108, 9.2.2403.114, and 9.1.2312.208, a low-privileged user that does not hold the "admin" or "power" Splunk roles could perform a Remote Code Execution (RCE) through a file upload to the "$SPLUNK_HOME/var/run/splunk/apptemp" directory due to missing authorization checks. | network, low complexity, CWE-284, 8.0 |