Vulnerabilities > Improper Authorization

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-04-08 | CVE-2025-29794 | Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | network, low complexity, CWE-285, 8.8 |
| 2025-03-31 | CVE-2025-26683 | Improper authorization in Azure Playwright allows an unauthorized attacker to elevate privileges over a network. | network, high complexity, CWE-285, 8.1 |
| 2025-03-20 | CVE-2024-9000 | Improper Authorization vulnerability in Lunary 1.4.26. In lunary-ai/lunary before version 1.4.26, the checklists.post() endpoint allows users to create or modify checklists without validating whether the user has proper permissions. | network, low complexity, lunary CWE-285, 6.5 |
| 2025-03-20 | CVE-2024-9095 | Improper Authorization vulnerability in Lunary 1.4.28. In lunary-ai/lunary version v1.4.28, the /bigquery API route lacks proper access control, allowing any logged-in user to create a Datastream to Google BigQuery and export the entire database. | network, low complexity, lunary CWE-285, critical, 9.8 |
| 2025-03-20 | CVE-2024-9096 | Improper Authorization vulnerability in Lunary 1.4.28. In lunary-ai/lunary version 1.4.28, the /checklists/:id route allows low-privilege users to modify checklists by sending a PATCH request. | network, low complexity, lunary CWE-285, 7.1 |
| 2025-03-19 | CVE-2025-29926 | Improper Authorization vulnerability in Xwiki. XWiki Platform is a generic wiki platform. | network, low complexity, xwiki CWE-285, critical, 9.8 |
| 2025-03-13 | CVE-2025-24053 | Improper authentication in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network. | network, low complexity, CWE-285, 7.2 |
| 2025-03-07 | CVE-2024-13552 | The SupportCandy – Helpdesk & Customer Support Ticket System plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.3.0 via file upload due to missing validation on a user controlled key. | network, low complexity, CWE-285, 4.3 |
| 2025-03-04 | CVE-2024-13724 | Improper Authorization vulnerability in Wpswings Wallet System for Woocommerce. The Wallet System for WooCommerce – Wallet, Wallet Cashback, Refunds, Partial Payment, Wallet Restriction plugin for WordPress is vulnerable to unauthorized access to functionality in all versions up to, and including, 2.6.2. | network, low complexity, wpswings CWE-285, 4.3 |
| 2025-03-03 | CVE-2024-43051 | Improper Authorization vulnerability in Qualcomm products. Information disclosure while deriving keys for a session for any Widevine use case. | local, low complexity, qualcomm CWE-285, 5.5 |