Vulnerabilities > Improper Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-03-20 | CVE-2024-9000 | Improper Authorization vulnerability in Lunary 1.4.26 In lunary-ai/lunary before version 1.4.26, the checklists.post() endpoint allows users to create or modify checklists without validating whether the user has proper permissions. | 6.5 |
| 2025-03-20 | CVE-2024-9095 | Improper Authorization vulnerability in Lunary 1.4.28 In lunary-ai/lunary version v1.4.28, the /bigquery API route lacks proper access control, allowing any logged-in user to create a Datastream to Google BigQuery and export the entire database. | 9.8 |
| 2025-03-20 | CVE-2024-9096 | Improper Authorization vulnerability in Lunary 1.4.28 In lunary-ai/lunary version 1.4.28, the /checklists/:id route allows low-privilege users to modify checklists by sending a PATCH request. | 7.1 |
| 2025-03-13 | CVE-2025-24053 | Improper authentication in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network. | 7.2 |
| 2025-03-07 | CVE-2024-13552 | The SupportCandy – Helpdesk & Customer Support Ticket System plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.3.0 via file upload due to missing validation on a user controlled key. | 4.3 |
| 2025-03-04 | CVE-2024-13724 | Improper Authorization vulnerability in Wpswings Wallet System for Woocommerce The Wallet System for WooCommerce – Wallet, Wallet Cashback, Refunds, Partial Payment, Wallet Restriction plugin for WordPress is vulnerable to unauthorized access to functionality in all versions up to, and including, 2.6.2. | 4.3 |
| 2025-03-03 | CVE-2024-43051 | Improper Authorization vulnerability in Qualcomm products Information disclosure while deriving keys for a session for any Widevine use case. | 5.5 |
| 2025-02-25 | CVE-2025-23024 | Improper Authorization vulnerability in Glpi-Project Glpi GLPI is a free asset and IT management software package. | 4.3 |
| 2025-02-22 | CVE-2025-1361 | Improper Authorization vulnerability in Ip2Location Country Blocker The IP2Location Country Blocker plugin for WordPress is vulnerable to Regular Information Exposure in all versions up to, and including, 2.38.8 due to missing capability checks on the admin_init() function. | 5.3 |
| 2025-02-05 | CVE-2025-20125 | Improper Authorization vulnerability in Cisco Identity Services Engine A vulnerability in an API of Cisco ISE could allow an authenticated, remote attacker with valid read-only credentials to obtain sensitive information, change node configurations, and restart the node. This vulnerability is due to a lack of authorization in a specific API and improper validation of user-supplied data. | 7.2 |