| 2025-03-20 | CVE-2024-8999 | Improper Access Control vulnerability in Lunary
lunary-ai/lunary version v1.4.25 contains an improper access control vulnerability in the POST /api/v1/data-warehouse/bigquery endpoint. | 7.5 |
| 2025-03-20 | CVE-2024-9098 | Improper Access Control vulnerability in Lunary
In lunary-ai/lunary before version 1.4.30, a privilege escalation vulnerability exists where admins can invite new members with billing permissions, thereby gaining unauthorized access to billing resources. | 6.1 |
| 2025-03-16 | CVE-2025-2348 | A vulnerability was found in IROAD Dash Cam FX2 up to 20250308. | 4.3 |
| 2025-03-12 | CVE-2025-20144 | A vulnerability in the hybrid access control list (ACL) processing of IPv4 packets in Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to incorrect handling of packets when a specific configuration of the hybrid ACL exists. | 4.0 |
| 2025-03-12 | CVE-2024-13430 | Improper Access Control vulnerability in Pagelayer
The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.9.8 via the 'pagelayer_builder_posts_shortcode' function due to insufficient restrictions on which posts can be included. | 4.3 |
| 2025-03-11 | CVE-2025-24076 | Improper access control in Windows Cross Device Service allows an authorized attacker to elevate privileges locally. | 7.3 |
| 2025-03-11 | CVE-2025-24994 | Improper access control in Windows Cross Device Service allows an authorized attacker to elevate privileges locally. | 7.3 |
| 2025-03-07 | CVE-2024-13635 | The VK Blocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.94.2.2 via the page content block. | 4.3 |
| 2025-02-25 | CVE-2024-13693 | Improper Access Control vulnerability in Kriesi Enfold
The Enfold theme for WordPress is vulnerable to unauthorized access of data due to a missing capability check in avia-export-class.php in all versions up to, and including, 6.0.9. | 5.3 |
| 2025-02-24 | CVE-2025-27140 | Improper Access Control vulnerability in Wegia 3.2.13/3.2.14
WeGIA is a Web manager for charitable institutions. | 9.8 |