Vulnerabilities > Improper Authorization

| DATE | CVE | VULNERABILITY TITLE | VENDOR | CWE | RISK |
|---|---|---|---|---|---|
| 2025-03-13 | CVE-2025-24053 | Improper authentication in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network. | | CWE-285 | network, low complexity, 7.2 |
| 2025-03-07 | CVE-2024-13552 | The SupportCandy – Helpdesk & Customer Support Ticket System plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.3.0 via file upload due to missing validation on a user controlled key. | | CWE-285 | network, low complexity, 4.3 |
| 2025-03-04 | CVE-2024-13724 | Improper Authorization vulnerability in Wpswings Wallet System for Woocommerce: The Wallet System for WooCommerce – Wallet, Wallet Cashback, Refunds, Partial Payment, Wallet Restriction plugin for WordPress is vulnerable to unauthorized access to functionality in all versions up to, and including, 2.6.2. | wpswings | CWE-285 | network, low complexity, 4.3 |
| 2025-03-03 | CVE-2024-43051 | Improper Authorization vulnerability in Qualcomm products: Information disclosure while deriving keys for a session for any Widevine use case. | qualcomm | CWE-285 | local, low complexity, 5.5 |
| 2025-02-25 | CVE-2025-23024 | Improper Authorization vulnerability in Glpi-Project Glpi: GLPI is a free asset and IT management software package. | glpi-project | CWE-285 | network, low complexity, 4.3 |
| 2025-02-22 | CVE-2025-1361 | Improper Authorization vulnerability in Ip2Location Country Blocker: The IP2Location Country Blocker plugin for WordPress is vulnerable to Regular Information Exposure in all versions up to, and including, 2.38.8 due to missing capability checks on the admin_init() function. | ip2location | CWE-285 | network, low complexity, 5.3 |
| 2025-02-05 | CVE-2025-20125 | A vulnerability in an API of Cisco ISE could allow an authenticated, remote attacker with valid read-only credentials to obtain sensitive information, change node configurations, and restart the node. This vulnerability is due to a lack of authorization in a specific API and improper validation of user-supplied data. | | CWE-285 | network, low complexity, critical, 9.1 |
| 2024-11-18 | CVE-2020-3539 | A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to view, modify, and delete data without proper authorization. The vulnerability is due to a failure to limit access to resources that are intended for users with Administrator privileges. | | CWE-285 | network, low complexity, 6.3 |
| 2024-10-25 | CVE-2024-9235 | Improper Authorization vulnerability in Mapster WP Maps: The Mapster WP Maps plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to an insufficient capability check on the mapster_wp_maps_set_option_from_js() function in all versions up to, and including, 1.5.0. | mapster | CWE-285 | network, low complexity, 8.8 |
| 2024-10-24 | CVE-2024-9531 | The MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'mvx_sent_deactivation_request' function in all versions up to, and including, 4.2.4. | | CWE-285 | network, low complexity, 4.3 |