| 2025-04-08 | CVE-2025-29794 | Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | 8.8 |
| 2025-03-31 | CVE-2025-26683 | Improper authorization in Azure Playwright allows an unauthorized attacker to elevate privileges over a network. | 8.1 |
| 2025-03-20 | CVE-2024-9000 | Improper Authorization vulnerability in Lunary 1.4.26
In lunary-ai/lunary before version 1.4.26, the checklists.post() endpoint allows users to create or modify checklists without validating whether the user has proper permissions. | 6.5 |
| 2025-03-20 | CVE-2024-9095 | Improper Authorization vulnerability in Lunary 1.4.28
In lunary-ai/lunary version v1.4.28, the /bigquery API route lacks proper access control, allowing any logged-in user to create a Datastream to Google BigQuery and export the entire database. | 9.8 |
| 2025-03-20 | CVE-2024-9096 | Improper Authorization vulnerability in Lunary 1.4.28
In lunary-ai/lunary version 1.4.28, the /checklists/:id route allows low-privilege users to modify checklists by sending a PATCH request. | 7.1 |
| 2025-03-19 | CVE-2025-29926 | Improper Authorization vulnerability in Xwiki
XWiki Platform is a generic wiki platform. | 9.8 |
| 2025-03-13 | CVE-2025-24053 | Improper authentication in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network. | 7.2 |
| 2025-03-07 | CVE-2024-13552 | The SupportCandy – Helpdesk & Customer Support Ticket System plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.3.0 via file upload due to missing validation on a user controlled key. | 4.3 |
| 2025-03-04 | CVE-2024-13724 | Improper Authorization vulnerability in Wpswings Wallet System for Woocommerce
The Wallet System for WooCommerce – Wallet, Wallet Cashback, Refunds, Partial Payment, Wallet Restriction plugin for WordPress is vulnerable to unauthorized access to functionality in all versions up to, and including, 2.6.2. | 4.3 |
| 2025-03-03 | CVE-2024-43051 | Improper Authorization vulnerability in Qualcomm products
Information disclosure while deriving keys for a session for any Widevine use case. | 5.5 |