CWE-266: Incorrect Privilege Assignment
Yearly Trend
Top Affected Vendors
All CWE-266 CVEs (417)
CVE-2025-14889 is an authorization bypass vulnerability in Campcodes Advanced Voting Management System 1.0 that allows attackers to manipulate voter r...
Dec 18, 2025 | This vulnerability in Ningyuanda TC155 57.0.2.0 allows attackers on the local network to perform unauthorized factory resets via the ONVIF Device Mana...
Dec 16, 2025 | This vulnerability in macrozheng mall-swarm allows unauthorized deletion of user read history records through improper authorization in the delete fun...
Dec 4, 2025 | This vulnerability in ZenTao's file handler allows attackers to manipulate file deletion operations through improper privilege management. Attackers c...
Nov 30, 2025 | This vulnerability in macrozheng mall allows attackers to bypass access controls and delete user read history records without proper authorization. Re...
Nov 20, 2025 | This vulnerability allows attackers to cancel orders without proper authorization in macrozheng mall-swarm and mall applications. Attackers can exploi...
Nov 13, 2025 | This vulnerability allows improper authorization in macrozheng mall-swarm and mall applications up to version 1.0.3. Attackers can manipulate the orde...
Nov 13, 2025 | This vulnerability in SeriaWei ZKEACMS allows unauthorized deletion of URL redirection entries through improper authorization in the POST request hand...
Oct 4, 2025 | This CVE describes a privilege escalation vulnerability in NetApp StorageGRID where authenticated attackers can discover Grid node names and IP addres...
Sep 19, 2025 | CRMEB versions up to 5.6.1 contain an improper authorization vulnerability in the editAddress function that allows attackers to manipulate address IDs...
Sep 14, 2025 | This vulnerability in CRMEB allows attackers to manipulate administrator password reset functionality to gain unauthorized access. It affects CRMEB in...
Sep 14, 2025 | CVE-2025-9937 is an improper authorization vulnerability in elunez eladmin's LocalStorageController deleteFile function that allows unauthorized file ...
Sep 4, 2025 | This vulnerability in SAP NetWeaver Application Server for ABAP allows authenticated users to bypass authorization controls in the barcode interface, ...
Aug 12, 2025 | CVE-2025-7947 is an improper authorization vulnerability in jshERP's account deletion function that allows attackers to delete user accounts without p...
Jul 22, 2025 | This vulnerability allows remote attackers to delete chat histories they shouldn't have access to due to improper access controls in the deleteChat fu...
Mar 15, 2025 | This vulnerability in StarSea99 starsea-mall allows attackers to bypass access controls and modify user information by manipulating the userId paramet...
Mar 7, 2025 | This vulnerability allows remote authenticated users to escalate their privileges in Hitachi Storage Plug-in for VMware vCenter. Attackers with existi...
Oct 6, 2022 | This vulnerability in TIM BPM Suite & TIM FLOW allows remote attackers to escalate privileges by exploiting weak MD5 password hashes stored by the app...
Jan 9, 2026 | This vulnerability in roncoo-pay allows improper authorization through manipulation of the /user/info/lookupList endpoint, potentially enabling unauth...
Sep 26, 2025 | This critical vulnerability in SourceCodester Student Result Management System 1.0 allows unauthorized privileged user creation through improper acces...
Jun 5, 2025 | CVE-2025-5175 is an improper authorization vulnerability in erdogant pypickle's Save function that allows local attackers to bypass intended access co...
May 26, 2025 | This vulnerability in Weitong Mall 1.0.0 allows remote attackers to bypass access controls by manipulating the 'isDelete' parameter in the /historyLis...
Apr 30, 2025 | CVE-2025-4064 is an improper access control vulnerability in ScriptAndTools Online-Travling-System 1.0 that allows unauthorized access to the admin vi...
Apr 29, 2025 | This critical vulnerability in baseweb JSite 1.0's Apache Druid Monitoring Console allows unauthorized access to the /druid/index.html component due t...
Apr 18, 2025 | This critical vulnerability in TOTOLINK A3700R routers allows attackers to bypass access controls on the setL2tpServerCfg function via the /cgi-bin/cs...
Apr 16, 2025 | This vulnerability allows remote attackers to bypass access controls on TOTOLINK A3700R routers via the setScheduleCfg function in the web interface. ...
Apr 16, 2025 | This critical vulnerability in TOTOLINK A3700R routers allows attackers to bypass access controls on the setWiFiEasyGuestCfg function via the /cgi-bin...
Apr 16, 2025 | This vulnerability in Tenda FH1202 routers allows attackers to bypass access controls via the /goform/wrlwpsset endpoint, potentially enabling unautho...
Apr 4, 2025 | This vulnerability in Tenda FH1202 routers allows attackers to bypass access controls on the web management interface's SysToolDDNS component. Attacke...
Mar 31, 2025 | This critical vulnerability in Tenda FH1202 routers allows improper access controls through manipulation of the /default.cfg file, potentially enablin...
Mar 31, 2025 | This critical vulnerability in Tenda FH1202 routers allows remote attackers to bypass access controls via the web management interface. Attackers can ...
Mar 31, 2025 | This critical vulnerability in Tenda FH1202 routers allows attackers to bypass access controls via the /goform/AdvSetWrlGstset endpoint in the web man...
Mar 31, 2025 | This vulnerability allows remote attackers to improperly access the IBMS configuration file handler in TOTOLINK A3000RU routers. Attackers can exploit...
Mar 30, 2025 | This critical vulnerability in ywoa allows remote attackers to bypass authorization controls via the /oa/setup/setup.jsp file. It affects all ywoa ins...
Feb 12, 2025 | This vulnerability in AlDente Charge Limiter allows local attackers to bypass authorization checks in the XPC service, potentially enabling unauthoriz...
Feb 6, 2025 | This vulnerability in MicroWorld eScan Antivirus 7.0.32 on Linux allows local attackers to exploit incorrect default permissions in the installation h...
Jan 8, 2025 | CVE-2025-0206 is a critical improper access control vulnerability in code-projects Online Shoe Store 1.0 that allows unauthorized access to the admin ...
Jan 4, 2025 | This vulnerability allows unauthorized access to the /doc.html endpoint in Beijing Yunfan Internet Technology Yunfan Learning Examination System 1.9.2...
Jan 2, 2025 | This vulnerability in D-Link DIR-816 routers allows unauthorized access to the IP QoS configuration handler due to improper access controls. Attackers...
Jan 2, 2025 | This vulnerability allows remote attackers to bypass authentication and access WiFi settings on affected D-Link DIR-816 A2 routers. Attackers can modi...
Jan 2, 2025 | CVE-2024-13067 is an improper access control vulnerability in CodeAstro Online Food Ordering System 1.0 that allows unauthorized access to the admin/a...
Dec 31, 2024 | This vulnerability in FoxCMS allows attackers to bypass authorization controls by manipulating password parameters in the API endpoint. It affects all...
Dec 23, 2024 | This CVE describes an improper authorization vulnerability in the Druid monitoring interface of Jeewms warehouse management software. Attackers can re...
Dec 9, 2024 | This vulnerability allows authenticated users in IBM Jazz Foundation to modify dashboards they shouldn't have access to by sending specially crafted H...
Nov 25, 2024 | This critical vulnerability in Altenergy Power Control Software allows unauthorized access to database information through improper authorization on t...
Nov 18, 2024 | This vulnerability allows remote attackers to bypass authentication on TOTOLINK LR350 routers by manipulating the authCode parameter in the /formLogin...
Nov 1, 2024 | An incorrect privilege assignment vulnerability in OTRS allows agents with read-only permissions to gain full access to tickets in rare configurations...
Jul 15, 2024 | This vulnerability in Aquarius HelperTool (1.0.003) on macOS allows local attackers to escalate privileges to root. The XPC service fails to validate ...
Dec 3, 2025 | This macOS vulnerability allows malicious applications to hijack entitlements granted to other privileged apps, potentially gaining unauthorized acces...
Jul 30, 2025 | This CVE describes an improper authorization vulnerability in WeKan's REST API that allows attackers to manipulate board organization settings through...
Feb 4, 2026
About CWE-266
Our database tracks 417 CVEs classified as CWE-266, with 48 rated critical and 131 rated high severity. The average CVSS score for CWE-266 vulnerabilities is 6.7.
External reference: View CWE-266 on MITRE CWE