Vulnerabilities > Improper Access Control

DATE CVE VULNERABILITY TITLE RISK
2025-03-20 CVE-2024-8999 Improper Access Control vulnerability in Lunary
lunary-ai/lunary version v1.4.25 contains an improper access control vulnerability in the POST /api/v1/data-warehouse/bigquery endpoint.
network
low complexity
lunary CWE-284
7.5
2025-03-20 CVE-2024-9098 Improper Access Control vulnerability in Lunary
In lunary-ai/lunary before version 1.4.30, a privilege escalation vulnerability exists where admins can invite new members with billing permissions, thereby gaining unauthorized access to billing resources.
network
low complexity
lunary CWE-284
6.1
2025-03-16 CVE-2025-2348 A vulnerability was found in IROAD Dash Cam FX2 up to 20250308.
low complexity
CWE-284
4.3
2025-03-12 CVE-2025-20144 A vulnerability in the hybrid access control list (ACL) processing of IPv4 packets in Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to incorrect handling of packets when a specific configuration of the hybrid ACL exists.
network
high complexity
CWE-284
4.0
2025-03-12 CVE-2024-13430 Improper Access Control vulnerability in Pagelayer
The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.9.8 via the 'pagelayer_builder_posts_shortcode' function due to insufficient restrictions on which posts can be included.
network
low complexity
pagelayer CWE-284
4.3
2025-03-11 CVE-2025-24076 Improper access control in Windows Cross Device Service allows an authorized attacker to elevate privileges locally.
local
low complexity
CWE-284
7.3
2025-03-11 CVE-2025-24994 Improper access control in Windows Cross Device Service allows an authorized attacker to elevate privileges locally.
local
low complexity
CWE-284
7.3
2025-03-07 CVE-2024-13635 The VK Blocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.94.2.2 via the page content block.
network
low complexity
CWE-284
4.3
2025-02-25 CVE-2024-13693 Improper Access Control vulnerability in Kriesi Enfold
The Enfold theme for WordPress is vulnerable to unauthorized access of data due to a missing capability check in avia-export-class.php in all versions up to, and including, 6.0.9.
network
low complexity
kriesi CWE-284
5.3
2025-02-24 CVE-2025-27140 Improper Access Control vulnerability in Wegia 3.2.13/3.2.14
WeGIA is a Web manager for charitable institutions.
network
low complexity
wegia CWE-284
critical
9.8