CWE-266: Incorrect Privilege Assignment
All CWE-266 CVEs (417)
Sep 26, 2025: This vulnerability allows attackers to bypass authorization controls in Portabilis i-Educar's /consulta-dispensas endpoint, potentially accessing unau...
Sep 26, 2025: This vulnerability in Portabilis i-Educar allows attackers to bypass authorization controls and enumerate student records by manipulating the aluno_id...
Sep 26, 2025: This vulnerability allows unauthorized access to the business transfer functionality in YunaiV ruoyi-vue-pro CRM systems. Attackers can remotely explo...
Sep 26, 2025: This vulnerability in yangzongzhuan RuoYi up to version 4.8.1 allows attackers to bypass authorization controls by manipulating the userIds parameter ...
Sep 26, 2025: This vulnerability allows remote attackers to bypass authorization controls in YunaiV yudao-cloud by manipulating the contactId parameter in the /crm/...
Sep 17, 2025: This vulnerability in Portabilis i-Educar allows attackers to bypass access controls on the /enrollment-history/ endpoint, potentially accessing unaut...
Sep 12, 2025: This vulnerability in linlinjava litemall up to version 1.8.0 allows remote attackers to bypass authorization controls via manipulation of the ID para...
Sep 12, 2025: This vulnerability allows unauthorized contact transfer in YunaiV ruoyi-vue-pro CRM systems. Attackers can remotely manipulate contact ownership witho...
Sep 12, 2025: This vulnerability allows unauthorized users to transfer CRM contracts to different owners due to improper authorization checks in the YunaiV ruoyi-vu...
Sep 12, 2025: This vulnerability in YunaiV yudao-cloud allows remote attackers to bypass authorization controls by manipulating the ID parameter in the /crm/receiva...
Sep 12, 2025: This vulnerability in YunaiV yudao-cloud allows attackers to bypass authorization controls by manipulating parameters in the /crm/business/transfer en...
Sep 11, 2025: This vulnerability allows attackers to bypass access controls in JEPaaS 7.2.8 by exploiting the doFilterInternal function in the Filter Handler compon...
Sep 8, 2025: CVE-2025-10086 is an improper authorization vulnerability in the fuyang_lipengjun platform 1.0.0 that allows remote attackers to access unauthorized f...
Sep 7, 2025: This vulnerability allows attackers to bypass access controls in Portabilis i-Educar's batch enrollment cancellation endpoint. Remote attackers can ma...
Sep 7, 2025: This vulnerability in Portabilis i-Educar allows attackers to bypass access controls on the student enrollment endpoint, potentially manipulating stud...
Sep 7, 2025: CVE-2025-10070 is an improper access control vulnerability in Portabilis i-Educar up to version 2.10 that allows remote attackers to bypass authorizat...
Aug 10, 2025: A critical permission vulnerability in LitmusChaos Litmus up to version 3.19.0 allows remote attackers to exploit the LocalStorage Handler component. ...
Aug 10, 2025: This critical vulnerability in LitmusChaos Litmus allows attackers to bypass access controls via improper validation of the projectID parameter in the...
Aug 10, 2025: This critical vulnerability in LitmusChaos Litmus allows attackers to bypass authorization controls by manipulating the 'role' parameter in the /auth/...
Aug 9, 2025: This vulnerability allows attackers to bypass authorization checks in TDuckCloud tduck-platform's management interface, potentially accessing administ...
Jul 14, 2025: This critical vulnerability in Dromara Northstar allows attackers to bypass authorization controls by manipulating request arguments in the preHandle ...
Jun 27, 2025: This critical vulnerability in juzaweb CMS 3.4.2 allows unprivileged users to upload new themes via the /admin-cp/theme/install endpoint due to improp...
Jun 2, 2025: This critical vulnerability in juzaweb CMS allows unprivileged users to access and potentially delete error logs through the /admin-cp/log-viewer endp...
Jun 2, 2025: CVE-2025-5425 is a critical improper access control vulnerability in juzaweb CMS that allows unprivileged users to access the theme editor page remote...
Jun 2, 2025: This vulnerability allows unprivileged users to modify general system settings in juzaweb CMS due to improper access controls on the General Setting P...
Jun 2, 2025: This critical vulnerability in juzaweb CMS allows unprivileged users to access the plugin editor page, bypassing proper access controls. Attackers can...
May 31, 2025: This critical vulnerability in JeeWMS allows remote attackers to bypass access controls on the file handling component, potentially accessing or manip...
Apr 28, 2025: This CVE describes an authorization bypass vulnerability in Novel 3.5.0 that allows attackers to remotely manipulate book chapters without proper auth...
Apr 14, 2025: This critical vulnerability in ZeroWdd/code-projects studentmanager 1.0 allows unauthorized access to the /getTeacherList endpoint due to improper aut...
Apr 14, 2025: This critical vulnerability in JamesZBL/code-projects db-hospital-drug 1.0 allows remote attackers to bypass authorization controls due to improper co...
Apr 4, 2025: This vulnerability in admintwo 1.0 allows attackers to bypass access controls via the email parameter in the /user/updateSet endpoint, potentially ena...
Mar 9, 2025: A critical vulnerability in Thinkware Car Dashcam F800 Pro allows improper access controls in the File Storage component. Attackers on the same local ...
Mar 3, 2025: This CVE describes an improper authorization vulnerability in zj1983 zz software up to version 2024-8. Attackers can exploit this remotely to bypass a...
Jan 28, 2025: This vulnerability allows unauthorized access to API endpoints in pankajindevops scale up software due to improper access controls. Attackers can remo...
Nov 20, 2024: This critical vulnerability in Code4Berry Decoration Management System 1.0 allows attackers to bypass permission controls through the /decoration/admi...
Nov 4, 2024: This critical vulnerability in Codezips Online Institute Management System 1.0 allows remote attackers to upload arbitrary files via the /pages/save_u...
Sep 22, 2024: This vulnerability in SourceCodester Online Eyewear Shop 1.0 allows attackers to bypass authorization controls during user creation. By manipulating t...
Jun 13, 2024: This vulnerability in NVIDIA vGPU software allows unprivileged users on Windows or Linux systems to execute privileged operations on the host, potenti...
Jan 15, 2026: Visual Tools DVR VX16 version 4.2.28 contains a local privilege escalation vulnerability in its Sudo configuration. Attackers with local access can ex...
Jan 13, 2026: CVE-2022-50927 is a local privilege escalation vulnerability in Cyclades Serial Console Server version 3.3.0. Attackers with local access can exploit ...
Aug 14, 2024: A privilege escalation vulnerability in Zoom's macOS installers allows local privileged users to gain higher system privileges. This affects Zoom Work...
Jan 26, 2026: This vulnerability in Beetel 777VR1 routers allows attackers with physical access to bypass access controls via the UART interface, potentially gainin...
Aug 19, 2025: An insufficient access control vulnerability in Red Hat Developer Hub allows cluster admins/users with standard access to modify the rhdh/rhdh-hub-rhe...
Dec 14, 2025: This vulnerability in DecoCMS Mesh allows improper access control through manipulation of the domain argument in the createTool function. Attackers ca...
Sep 5, 2025: This vulnerability allows authenticated users with lower privileges to escalate their permissions within the Media Author WordPress plugin. It affects...
Feb 20, 2026: This vulnerability in yeqifu warehouse allows improper access controls in cache management functions, potentially enabling unauthorized cache manipula...
Feb 9, 2026: This Keycloak vulnerability allows a user who owns one resource to modify authorization policies for other resources they don't own when those resourc...
Feb 7, 2026: This vulnerability allows unauthorized deletion of categories in jsbroks COCO Annotator through improper authorization in the Delete Category Handler....
Jan 18, 2026: This CVE describes an improper authorization vulnerability in Sanluan PublicCMS's trade address deletion endpoint. Attackers can remotely manipulate t...
Jan 18, 2026: This vulnerability in Chamilo LMS allows attackers to manipulate the userId parameter in the deleteLegal function, leading to improper authorization. ...
About CWE-266: Incorrect Privilege Assignment
MITRE defines CWE-266 (Incorrect Privilege Assignment) as a product incorrectly assigning a privilege to a particular actor, creating an unintended sphere of control for that actor. Our database tracks 417 CVEs classified as CWE-266, of which 48 are rated critical and 131 high severity; the average CVSS score across them is 6.7. Most of the recent entries above share one shape: an endpoint accepts an object or principal identifier (contactId, userIds, projectID, aluno_id), or even a role value, from the client and acts on it without confirming that the authenticated caller is entitled to that object or role. The practical check is the same for each: replay a legitimate request as a lower-privileged account with the identifier swapped for one that account does not own, and confirm the server refuses it.
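The following is a constructed example added here to illustrate that shape; it is not code from ruoyi-vue-pro, yudao-cloud, Litmus or any other project listed above. It models a CRM "transfer contact ownership" handler. The vulnerable version takes the caller's role from the request body and proves ownership by comparing a client-supplied ownerId against the record, so a user can either claim "admin" or paste in the victim's ID. The hardened version reads the role from a server-side store keyed by the session's user_id and compares the record's owner against that same user_id. Names such as Contact, Session, USER_ROLES and the request keys contactId, ownerId, newOwnerId and role are assumptions of this example, not fields from any listed product.

```python
"""Constructed CWE-266 example: ownership transfer with and without a real
authorization check. Not code from any project on this page; all names,
request fields and sample records are invented for illustration."""
from dataclasses import dataclass
from typing import Any, Callable, Dict, Tuple


@dataclass
class Contact:
    contact_id: int
    owner_id: int


@dataclass
class Session:
    """Server-side session established at login. user_id is the only
    client-related value the handlers should trust."""
    user_id: int


class Forbidden(Exception):
    """Raised when the caller is not allowed to perform the transfer."""


# Constructed sample data: users 1 and 2 each own one contact, user 9 is an admin.
USER_ROLES: Dict[int, str] = {1: "user", 2: "user", 9: "admin"}


def sample_contacts() -> Dict[int, Contact]:
    """Fresh copy of the constructed contact table for each scenario."""
    return {101: Contact(101, owner_id=1), 102: Contact(102, owner_id=2)}


def transfer_contact_vulnerable(contacts: Dict[int, Contact], session: Session,
                                body: Dict[str, Any]) -> int:
    """Vulnerable handler. Two mistakes, both taken from the request body:
    the role (any caller can send role=admin) and the ownerId used as
    'proof' of ownership (any caller can send the real owner's ID)."""
    role = body.get("role", "user")                      # BUG: client-controlled role
    contact = contacts[body["contactId"]]
    if role != "admin" and body.get("ownerId") != contact.owner_id:  # BUG: never consults session
        raise Forbidden("not the owner")
    contact.owner_id = body["newOwnerId"]
    return contact.owner_id


def transfer_contact_hardened(contacts: Dict[int, Contact], session: Session,
                              body: Dict[str, Any]) -> int:
    """Hardened handler: role comes from the server-side store, ownership is
    checked against the session's user_id, and the target user must exist.
    Whatever role/ownerId the body carries is ignored."""
    role = USER_ROLES.get(session.user_id, "user")
    contact = contacts.get(body.get("contactId"))
    if contact is None:
        # The HTTP layer should map this and the denial below to the same
        # status so contact IDs cannot be enumerated from the response.
        raise Forbidden("no such contact")
    if role != "admin" and contact.owner_id != session.user_id:
        raise Forbidden("not the owner")
    new_owner = body.get("newOwnerId")
    if new_owner not in USER_ROLES:
        raise Forbidden("unknown target user")
    contact.owner_id = new_owner
    return contact.owner_id


def attempt(handler: Callable[..., int], contacts: Dict[int, Contact],
            session: Session, body: Dict[str, Any]) -> Tuple[str, Any]:
    """Run a handler and report ('ok', new_owner_id) or ('denied', reason)."""
    try:
        return ("ok", handler(contacts, session, body))
    except Forbidden as exc:
        return ("denied", str(exc))
    except KeyError:
        return ("denied", "bad request")


if __name__ == "__main__":
    attacker = Session(user_id=2)           # ordinary user who owns only contact 102
    steal_101 = {"contactId": 101, "newOwnerId": 2}
    # Attack A: claim admin in the body.
    print(attempt(transfer_contact_vulnerable, sample_contacts(), attacker,
                  {**steal_101, "role": "admin"}))
    # Attack B: supply the victim's ownerId as 'proof' of ownership.
    print(attempt(transfer_contact_vulnerable, sample_contacts(), attacker,
                  {**steal_101, "ownerId": 1}))
    # Same payload against the hardened handler is refused.
    print(attempt(transfer_contact_hardened, sample_contacts(), attacker,
                  {**steal_101, "role": "admin", "ownerId": 1}))
    # The real owner and a real admin can still transfer.
    print(attempt(transfer_contact_hardened, sample_contacts(), Session(user_id=1), steal_101))
    print(attempt(transfer_contact_hardened, sample_contacts(), Session(user_id=9), steal_101))
```

When triaging an entry from the list above, the two attack payloads in the demo are the exact requests to replay: one with a forged role or privilege flag, one with another user's identifier in place of your own. A handler that honours either is the pattern these CVEs describe.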
External reference: CWE-266 on MITRE CWE: https://cwe.mitre.org/data/definitions/266.html