Vulnerabilities > Improper Access Control

DATE	CVE	VULNERABILITY TITLE	RISK
2025-04-08	CVE-2025-27191	Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. network low complexity CWE-284	5.3
2025-04-08	CVE-2025-30281	ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. network low complexity CWE-284 critical	9.1
2025-04-08	CVE-2025-27744	Improper access control in Microsoft Office allows an authorized attacker to elevate privileges locally. local low complexity CWE-284	7.8
2025-04-08	CVE-2025-29804	Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally. local low complexity CWE-284	7.3
2025-04-08	CVE-2025-26678	Improper access control in Windows Defender Application Control (WDAC) allows an unauthorized attacker to bypass a security feature locally. local low complexity CWE-284	8.4
2025-04-07	CVE-2025-21425	Memory corruption may occur due top improper access control in HAB process. local low complexity CWE-284	7.3
2025-03-26	CVE-2025-20230	In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8, and versions below 3.8.38 and 3.7.23 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could edit and delete other user data in App Key Value Store (KVStore) collections that the Splunk Secure Gateway app created. network low complexity CWE-284	4.3
2025-03-26	CVE-2025-20229	In Splunk Enterprise versions below 9.3.3, 9.2.5, and 9.1.8, and Splunk Cloud Platform versions below 9.3.2408.104, 9.2.2406.108, 9.2.2403.114, and 9.1.2312.208, a low-privileged user that does not hold the "admin" or "power" Splunk roles could perform a Remote Code Execution (RCE) through a file upload to the "$SPLUNK_HOME/var/run/splunk/apptemp" directory due to missing authorization checks. network low complexity CWE-284	8.0
2025-03-20	CVE-2024-8999	Improper Access Control vulnerability in Lunary lunary-ai/lunary version v1.4.25 contains an improper access control vulnerability in the POST /api/v1/data-warehouse/bigquery endpoint. network low complexity lunary CWE-284	7.5
2025-03-20	CVE-2024-9098	Improper Access Control vulnerability in Lunary In lunary-ai/lunary before version 1.4.30, a privilege escalation vulnerability exists where admins can invite new members with billing permissions, thereby gaining unauthorized access to billing resources. network low complexity lunary CWE-284	6.1

Vulnerabilities > Improper Access Control {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Improper Access Control"}]}

Vulnerabilities > Improper Access Control