Vulnerabilities > Improper Authorization

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2025-03-20 | CVE-2024-9000 | Improper Authorization vulnerability in Lunary 1.4.26 | In lunary-ai/lunary before version 1.4.26, the checklists.post() endpoint allows users to create or modify checklists without validating whether the user has proper permissions. | network | low complexity | lunary | CWE-285 | 6.5 |
| 2025-03-20 | CVE-2024-9095 | Improper Authorization vulnerability in Lunary 1.4.28 | In lunary-ai/lunary version v1.4.28, the /bigquery API route lacks proper access control, allowing any logged-in user to create a Datastream to Google BigQuery and export the entire database. | network | low complexity | lunary | CWE-285 | critical 9.8 |
| 2025-03-20 | CVE-2024-9096 | Improper Authorization vulnerability in Lunary 1.4.28 | In lunary-ai/lunary version 1.4.28, the /checklists/:id route allows low-privilege users to modify checklists by sending a PATCH request. | network | low complexity | lunary | CWE-285 | 7.1 |
| 2025-03-13 | CVE-2025-24053 | Improper authentication in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network. | | network | low complexity | | CWE-285 | 7.2 |
| 2025-03-07 | CVE-2024-13552 | The SupportCandy – Helpdesk & Customer Support Ticket System plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.3.0 via file upload due to missing validation on a user controlled key. | | network | low complexity | | CWE-285 | 4.3 |
| 2025-03-04 | CVE-2024-13724 | Improper Authorization vulnerability in Wpswings Wallet System for Woocommerce | The Wallet System for WooCommerce – Wallet, Wallet Cashback, Refunds, Partial Payment, Wallet Restriction plugin for WordPress is vulnerable to unauthorized access to functionality in all versions up to, and including, 2.6.2. | network | low complexity | wpswings | CWE-285 | 4.3 |
| 2025-03-03 | CVE-2024-43051 | Improper Authorization vulnerability in Qualcomm products | Information disclosure while deriving keys for a session for any Widevine use case. | local | low complexity | qualcomm | CWE-285 | 5.5 |
| 2025-02-25 | CVE-2025-23024 | Improper Authorization vulnerability in Glpi-Project Glpi | GLPI is a free asset and IT management software package. | network | low complexity | glpi-project | CWE-285 | 4.3 |
| 2025-02-22 | CVE-2025-1361 | Improper Authorization vulnerability in Ip2Location Country Blocker | The IP2Location Country Blocker plugin for WordPress is vulnerable to Regular Information Exposure in all versions up to, and including, 2.38.8 due to missing capability checks on the admin_init() function. | network | low complexity | ip2location | CWE-285 | 5.3 |
| 2025-02-05 | CVE-2025-20125 | Improper Authorization vulnerability in Cisco Identity Services Engine | A vulnerability in an API of Cisco ISE could allow an authenticated, remote attacker with valid read-only credentials to obtain sensitive information, change node configurations, and restart the node. This vulnerability is due to a lack of authorization in a specific API and improper validation of user-supplied data. | network | low complexity | cisco | CWE-285 | 7.2 |