CWE-266: Incorrect Privilege Assignment
[Charts: Yearly Trend; Top Affected Vendors]
All CWE-266 CVEs (417)
Oct 28, 2025: This vulnerability in Red Hat OpenShift AI Service's TrustyAI component grants excessive permissions to all authenticated users and service accounts. ...
Oct 5, 2025: This vulnerability in Frappe LMS 2.35.0 allows attackers to bypass access controls on unpublished courses through the /courses/ endpoint. Attackers ca...
Dec 16, 2024: This vulnerability in ClassCMS allows attackers to perform vertical privilege escalation through improper privilege handling in the user management co...
Feb 19, 2026: This vulnerability allows unauthorized access to system dashboard information in CoCoTeaNet CyreneAdmin up to version 1.3.0. Attackers can remotely ex...
Feb 5, 2026: This vulnerability in WeKan allows improper access controls through the REST endpoint, potentially enabling unauthorized access to board data. It affe...
Feb 1, 2026: This CVE describes an improper authorization vulnerability in Zhong Bang CRMEB's store integration API endpoint. Attackers can manipulate the order_id...
Jan 15, 2026: This vulnerability allows attackers with limited permissions to write files to specific locations on affected devices, potentially enabling system man...
Jan 15, 2026: This vulnerability allows low-privileged attackers to trigger critical system functions like reboot or factory reset without proper authorization. It ...
Dec 30, 2025: This vulnerability in Student File Management System 1.0 allows attackers to bypass authorization controls when downloading files via the /download.ph...
Dec 28, 2025: This vulnerability allows unauthorized modification of member address data in macrozheng mall versions up to 1.0.3. Attackers can exploit improper aut...
Dec 25, 2025: This vulnerability allows improper authorization in the submitOrderPayment function of youlai-mall, potentially enabling unauthorized order manipulati...
Dec 25, 2025: This vulnerability in youlaitech youlai-mall allows improper access controls via the getMemberByMobile function, enabling unauthorized access to membe...
Dec 25, 2025: This vulnerability allows unauthorized users to manipulate the balance deduction function in youlai-mall e-commerce platform, potentially enabling una...
Dec 1, 2025: This CVE describes an improper authorization vulnerability in orionsec orion-ops API that allows unauthorized access to machine key functionality. Att...
Nov 13, 2025: This vulnerability allows unauthorized access to order details in macrozheng mall-swarm and mall applications. Attackers can manipulate the orderId pa...
Oct 27, 2025: This vulnerability allows attackers to bypass authorization checks in the TIME-SEA-PLUS software's order status handler. Remote attackers can exploit ...
Oct 8, 2025: This vulnerability in JhumanJ OpnForm up to version 1.9.3 allows improper access controls via the /edit endpoint, potentially enabling unauthorized ac...
Sep 27, 2025: This CVE describes an improper authorization vulnerability in the wisdom-education software up to version 1.0.4. Attackers can remotely manipulate the...
Sep 26, 2025: This vulnerability in JeecgBoot allows unauthorized access to the tenant export function via the /sys/tenant/exportXls endpoint. Attackers can remotel...
Sep 26, 2025: JeecgBoot up to version 3.8.2 contains an improper authorization vulnerability in the /sys/position/exportXls endpoint that allows remote attackers to...
Sep 25, 2025: This vulnerability in JeecgBoot allows unauthorized access to the user export functionality via the /sys/user/exportXls endpoint. Attackers can exploi...
Sep 25, 2025: JeecgBoot up to version 3.8.2 has an improper authorization vulnerability in the /sys/role/exportXls endpoint that allows unauthorized access to role ...
Sep 23, 2025: CVE-2025-10822 is an improper authorization vulnerability in the fuyang_lipengjun platform 1.0 that allows unauthorized access to SMS log data via the...
Sep 22, 2025: This vulnerability allows unauthorized access to topic category data in fuyang_lipengjun platform 1.0 due to improper authorization in the TopicCatego...
Sep 22, 2025: This vulnerability in the fuyang_lipengjun platform 1.0 allows unauthorized access to the TopicController's queryAll function, enabling attackers to r...
Sep 22, 2025: This vulnerability in fuyang_lipengjun platform 1.0 allows unauthorized access to user coupon data through the UserCouponController queryAll function....
Sep 18, 2025: This vulnerability in fuyang_lipengjun platform 1.0 allows improper authorization through the BrandController function at /brand/queryAll. Attackers c...
Sep 18, 2025: CVE-2025-10674 is an improper authorization vulnerability in the fuyang_lipengjun platform 1.0 that allows attackers to access the /attributecategory/...
Sep 18, 2025: This vulnerability in fuyang_lipengjun platform 1.0 allows improper authorization via the AttributeController function at /attribute/queryAll, enablin...
Sep 15, 2025: This vulnerability in newbee-mall's order status handler allows attackers to manipulate order numbers to bypass authorization checks. Remote attackers...
Sep 8, 2025: This vulnerability allows unauthorized access to error log details in elunez eladmin systems. Attackers can remotely exploit improper authorization in...
Sep 8, 2025: This vulnerability in Portabilis i-Educar allows unauthorized access to class information through the /module/Api/turma endpoint. Attackers can exploi...
Aug 28, 2025: This vulnerability allows attackers to bypass intended access controls in the Site Offline WordPress plugin, potentially accessing restricted function...
Aug 10, 2025: This vulnerability in Portabilis i-Educar allows attackers to bypass authorization controls by manipulating the ID parameter in the /module/Api/pessoa...
Jun 26, 2025: This is a mass assignment vulnerability in Litemall 1.8.0 that allows unauthorized manipulation of adminComment parameters. Attackers can exploit this...
Jun 24, 2025: This vulnerability allows unauthenticated access to live video streams and recorded video files from SIFUSM/MZZYG BD S1 dashcams. Attackers on the sam...
Jun 23, 2025: This vulnerability allows unauthorized configuration changes on 70mai 1S dashcams via a local network attack. Attackers on the same network can modify...
Apr 28, 2025: This vulnerability in Novel-Plus allows unauthorized access to log viewing functionality due to improper authorization in the LogController. Attackers...
Apr 27, 2025: CVE-2025-3977 is an improper authorization vulnerability in iteachyou Dreamer CMS that allows attackers to bypass access controls on the attachment do...
Apr 14, 2025: This vulnerability allows unauthorized access to the Teacher String Handler component in huanfenz/code-projects StudentManager, potentially enabling a...
Apr 5, 2025: CVE-2025-3305 is an improper access control vulnerability in IKUN_Library 1.0 that allows remote attackers to bypass authorization checks in the Borro...
Apr 5, 2025: This vulnerability in SourceCodester Online Eyewear Shop 1.0 allows attackers to bypass access controls through manipulation of the email parameter in...
Mar 31, 2025: This vulnerability allows attackers with low-privileged JumpServer accounts to manipulate Kubernetes session configurations to redirect API requests t...
Mar 24, 2025: This vulnerability in TOTOLINK A3000RU routers allows improper access to the Syslog configuration file handler via /cgi-bin/ExportSyslog.sh. Attackers...
Mar 23, 2025: This vulnerability in JIZHICMS allows improper authorization through manipulation of the 'ishot' parameter in the Article Handler component. Attackers...
Mar 20, 2025: This vulnerability in D-Link DIR-618 and DIR-605L routers allows improper access control to the /goform/formVirtualServ endpoint, potentially enabling...
Mar 20, 2025: This vulnerability in D-Link DIR-618 and DIR-605L routers allows attackers with local network access to bypass access controls via the /goform/formSet...
Mar 20, 2025: This CVE describes an improper access control vulnerability in D-Link DIR-618 and DIR-605L routers affecting the /goform/formSetPassword endpoint. Att...
Mar 3, 2025: This vulnerability allows unauthorized access to video footage and live video streams in i-Drive i11 and i12 devices due to improper access controls. ...
Dec 30, 2024: TeamPass versions before 3.1.3.1 contain an authorization bypass vulnerability where users can access folder information without proper permission che...
About CWE-266
Our database tracks 417 CVEs classified as CWE-266, with 48 rated critical and 131 rated high severity. The average CVSS score for CWE-266 vulnerabilities is 6.7.
External reference: CWE-266 on MITRE CWE.