| 2025-04-08 | CVE-2025-27188 | Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Improper Authorization vulnerability that could result in Privilege escalation. | 4.3 |
| 2025-04-08 | CVE-2025-29794 | Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | 8.8 |
| 2025-03-31 | CVE-2025-26683 | Improper authorization in Azure Playwright allows an unauthorized attacker to elevate privileges over a network. | 8.1 |
| 2025-03-20 | CVE-2024-9000 | Improper Authorization vulnerability in Lunary 1.4.26
In lunary-ai/lunary before version 1.4.26, the checklists.post() endpoint allows users to create or modify checklists without validating whether the user has proper permissions. | 6.5 |
| 2025-03-20 | CVE-2024-9096 | Improper Authorization vulnerability in Lunary 1.4.28
In lunary-ai/lunary version 1.4.28, the /checklists/:id route allows low-privilege users to modify checklists by sending a PATCH request. | 7.1 |
| 2025-03-13 | CVE-2025-24053 | Improper authentication in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network. | 7.2 |
| 2025-03-07 | CVE-2024-13552 | The SupportCandy – Helpdesk & Customer Support Ticket System plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.3.0 via file upload due to missing validation on a user controlled key. | 4.3 |
| 2025-03-04 | CVE-2024-13724 | Improper Authorization vulnerability in Wpswings Wallet System for Woocommerce
The Wallet System for WooCommerce – Wallet, Wallet Cashback, Refunds, Partial Payment, Wallet Restriction plugin for WordPress is vulnerable to unauthorized access to functionality in all versions up to, and including, 2.6.2. | 4.3 |
| 2025-03-03 | CVE-2024-43051 | Improper Authorization vulnerability in Qualcomm products
Information disclosure while deriving keys for a session for any Widevine use case. | 5.5 |
| 2025-02-25 | CVE-2025-23024 | Improper Authorization vulnerability in Glpi-Project Glpi
GLPI is a free asset and IT management software package. | 4.3 |