CWE-266
Yearly Trend
Top Affected Vendors
All CWE-266 CVEs (417)
Nov 27, 2024: This critical vulnerability in SourceCodester Best House Rental Management System 1.0 allows unauthorized deletion of tenant records via a POST reques...
Oct 4, 2024: This vulnerability allows authenticated attackers to modify or cancel requests belonging to other users in Shilpi Client Dashboard through unauthorize...
Aug 12, 2024: This vulnerability allows remote attackers with low privileges to save unauthorized protection assignments in Sprecher Automation SPRECON-E systems. T...
May 23, 2025: A privilege escalation vulnerability in CyberDAVA allows low-privileged authenticated users to elevate their privileges to admin by exploiting an API ...
Mar 2, 2026: CVE-2025-15597 is an improper access control vulnerability in Dataease SQLBot up to version 1.4.0 that allows unauthorized access to API endpoints. At...
Feb 25, 2026: This vulnerability allows attackers to bypass access controls in fosrl Pangolin's Role Handler component, potentially gaining unauthorized access to r...
Feb 21, 2026: This CVE describes an improper authorization vulnerability in the EmployeeController.java file of the feng_ha_ha/megagao ssm-erp and production_ssm pr...
Feb 20, 2026: This CVE describes an improper access control vulnerability in the yeqifu warehouse software's customer management endpoints. Attackers can manipulate...
Feb 18, 2026: This CVE describes an improper authorization vulnerability in GoogTech sms-ssm's API interface that allows attackers to bypass authentication controls...
Feb 16, 2026: A remote privilege escalation vulnerability in JingDong JD Cloud Box AX6600 allows attackers to gain elevated privileges by manipulating the set_stcre...
Feb 16, 2026: This vulnerability allows remote attackers to escalate privileges on JingDong JD Cloud Box AX6600 devices by exploiting a flaw in the web_get_ddns_upt...
Feb 8, 2026: This CVE describes an improper authorization vulnerability in WuKongOpenSource WukongCRM that allows attackers to bypass access controls via URL manip...
Feb 8, 2026: This vulnerability in WeKan allows improper access controls through the Administrative Repair Handler component. Attackers can remotely exploit this f...
Feb 8, 2026: This vulnerability in WeKan allows remote attackers to bypass authorization controls in the custom translation handler. Attackers can manipulate trans...
Feb 7, 2026: This CVE describes an improper authorization vulnerability in the yeqifu warehouse software's log info handler component. Attackers can remotely explo...
Feb 7, 2026: This CVE describes an improper authorization vulnerability in the Notice Management component of yeqifu warehouse software. Attackers can remotely exp...
Feb 7, 2026: This CVE-2026-2105 vulnerability allows unauthorized users to manipulate department management functions (add, update, delete) in yeqifu warehouse sof...
Feb 7, 2026: This CVE describes an improper authorization vulnerability in yeqifu warehouse's menu management functions (addMenu/updateMenu/deleteMenu). Attackers ...
Feb 7, 2026: This CVE describes an improper authorization vulnerability in yeqifu warehouse's permission management functions. Attackers can remotely manipulate pe...
Feb 7, 2026: This CVE describes an improper authorization vulnerability in yeqifu warehouse's role management functions (addRole/updateRole/deleteRole) that allows...
Feb 7, 2026: This CVE describes an improper authorization vulnerability in the yeqifu warehouse user management endpoints (addUser/updateUser/deleteUser). Attacker...
Feb 7, 2026: This CVE describes an improper access control vulnerability in yeqifu warehouse's role-permission binding handler. Attackers can remotely exploit this...
Feb 6, 2026: This vulnerability in Portabilis i-Educar allows remote attackers to bypass authorization controls by manipulating the school_id parameter in the Fina...
Feb 6, 2026: This vulnerability allows improper access control in SourceCodester Gas Agency Management System 1.0, enabling unauthorized user creation or privilege...
Feb 5, 2026: This CVE describes an improper access control vulnerability in WeKan's attachment storage component. Attackers can remotely exploit this to access or ...
Feb 5, 2026: This vulnerability in WeKan's attachment migration component allows attackers to bypass access controls and potentially access or manipulate attachmen...
Feb 5, 2026: This vulnerability in WeKan's LDAP user synchronization component allows improper access controls, potentially enabling unauthorized access to user ac...
Feb 5, 2026: This vulnerability in WeKan allows attackers to bypass access controls during board migration operations by manipulating the boardId argument. Attacke...
Feb 4, 2026: This vulnerability in WeKan allows attackers to bypass authorization checks in the REST API by manipulating card/board ID parameters. Remote attackers...
Feb 4, 2026: CVE-2026-1895 is an improper access control vulnerability in WeKan's attachment storage handler that allows remote attackers to bypass intended restri...
Jan 30, 2026: This vulnerability allows remote attackers to bypass authorization controls in Pet Grooming Management Software 1.0 by manipulating the group_id param...
Jan 29, 2026: This vulnerability in Bdtask SalesERP allows attackers to bypass authorization controls by manipulating the ci_session parameter on administrative end...
Jan 28, 2026: CVE-2026-1550 is an improper authorization vulnerability in PHPGurukul Hospital Management System 1.0 that allows attackers to bypass access controls ...
Jan 19, 2026: This vulnerability in MineAdmin 1.x/2.x allows attackers to bypass authorization controls via the /system/cache/view interface, potentially accessing ...
Jan 4, 2026: This CVE describes an improper authorization vulnerability in the yeqifu warehouse software that allows vertical privilege escalation. Attackers can r...
Dec 27, 2025: CVE-2025-15106 is an improper authorization vulnerability in getmaxun maxun's authentication endpoint that allows attackers to bypass authorization co...
Dec 16, 2025: This vulnerability allows unauthorized remote control of PTZ (Pan-Tilt-Zoom) cameras on the Ningyuanda TC155 device via the ONVIF interface. Attackers...
Dec 5, 2025: CVE-2025-14089 is an improper authorization vulnerability in Himool ERP that allows remote attackers to perform unauthorized account updates via the A...
Dec 5, 2025: This vulnerability in ketr JEPaaS allows attackers to bypass authorization controls via manipulation of the Authorization parameter in the /je/load en...
Dec 5, 2025: This vulnerability in youlaitech youlai-mall allows attackers to bypass access controls by manipulating the openid parameter in the /app-api/v1/member...
Dec 5, 2025: This vulnerability in youlai-mall allows attackers to bypass access controls by manipulating the memberId parameter in the getMemberById function. Att...
Nov 24, 2025: CVE-2025-13576 is an improper authorization vulnerability in code-projects Blog Site 1.0 that allows remote attackers to bypass authentication on the ...
Nov 16, 2025: This vulnerability in WeiYe-Jing datax-web up to version 2.1.2 allows remote attackers to bypass access controls on job management functions (remove/u...
Nov 13, 2025: This vulnerability in macrozheng mall-swarm and mall allows attackers to bypass authorization by manipulating the orderID parameter in the paySuccess ...
Nov 13, 2025: This vulnerability in macrozheng mall-swarm allows attackers to bypass authorization controls when manipulating the updateAttr function in the cart up...
Oct 16, 2025: CVE-2025-11853 is an improper access control vulnerability in Sismics Teedy's API endpoint that allows unauthorized access to files. Attackers can exp...
Oct 12, 2025: This vulnerability allows attackers on the same local network to bypass access controls in Tomofun Furbo pet cameras via the GATT Service, potentially...
Oct 9, 2025: This vulnerability in Portabilis i-Educar allows attackers to escalate privileges through insecure inherited permissions in the User Type Handler comp...
Sep 27, 2025: CVE-2025-11050 is an improper authorization vulnerability in Portabilis i-Educar's /periodo-lancamento endpoint that allows remote attackers to bypass...
Sep 27, 2025: CVE-2025-11049 is an improper authorization vulnerability in Portabilis i-Educar's /unificacao-aluno endpoint that allows unauthorized access to stude...
About CWE-266
Our database tracks 417 CVEs classified as CWE-266, with 48 rated critical and 131 rated high severity. The average CVSS score for CWE-266 vulnerabilities is 6.7.
External reference: View CWE-266 on MITRE CWE →