CWE-284: Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

Total CVEs: 1,295
Critical: 213
High: 547
Avg CVSS: 7.2
In CISA KEV: 2

Yearly Trend

2026: 121
2025: 669
2024: 305
2023: 121
2022: 36

Top Affected Vendors

1 Microsoft 84
2 Apple 79
3 Oracle 57
4 Intel 32
5 Cisco 21
6 Adobe 20
7 Dell 19
8 Fabian 17
9 Mattermost 12
10 Campcodes 11

All Improper Access Control CVEs (1,295)

CVE-2026-2768 | CVSS 10.0 | Feb 24, 2026
This CVE describes a sandbox escape vulnerability in Firefox's IndexedDB storage component. Attackers could potentially break out of browser security ...

CVE-2026-21636 | CVSS 10.0 | Jan 20, 2026
A critical vulnerability in Node.js v25's experimental permission model allows attacker-controlled inputs to bypass network restrictions and connect t...

CVE-2026-0881 | CVSS 10.0 | Jan 13, 2026
This CVE describes a sandbox escape vulnerability in the Messaging System component of Firefox and Thunderbird. Attackers can potentially execute arbi...

CVE-2025-54339 | CVSS 10.0 | Nov 14, 2025
An incorrect access control vulnerability in Desktop Alert PingAlert application server versions 6.1.0.11 to 6.1.1.2 allows remote attackers to escala...

CVE-2024-22216 | CVSS 10.0 | Jan 8, 2024
This vulnerability allows unauthorized access to Microchip maxView Storage Manager's Redfish server, enabling attackers to modify data and disclose se...

CVE-2021-34795 | CVSS 10.0 | Nov 4, 2021
This critical vulnerability in the Cisco Catalyst PON Series Switches ONT web management interface allows unauthenticated remote attackers to log in with ...

CVE-2021-40113 | CVSS 10.0 | Nov 4, 2021
Multiple vulnerabilities in the Cisco Catalyst PON Series Switches ONT web management interface allow unauthenticated remote attackers to log in with defa...

CVE-2021-38454 | CVSS 10.0 | Oct 12, 2021
A path traversal vulnerability in Moxa MXview Network Management software allows attackers to create or overwrite critical system files, potentially l...

CVE-2020-12030 | CVSS 10.0 | Sep 29, 2021
This vulnerability in industrial control system gateways disables the internal firewall when VLAN features are enabled, exposing all gateway ports to ...

CVE-2026-24740 | CVSS 9.9 | Jan 27, 2026
This vulnerability in Dozzle allows users restricted by label filters to bypass container isolation and obtain interactive root shells in out-of-scope...

CVE-2025-70982 | CVSS 9.9 | Jan 26, 2026
CVE-2025-70982 is an improper access control vulnerability in SpringBlade v4.5.0 that allows attackers with low-level privileges to import sensitive u...

CVE-2025-70983 | CVSS 9.9 | Jan 23, 2026
This vulnerability allows attackers with low-level privileges to escalate their privileges in SpringBlade v4.5.0 due to incorrect access control in th...

CVE-2026-24304 | CVSS 9.9 | Jan 23, 2026
This critical vulnerability in Azure Resource Manager allows authenticated attackers to escalate privileges within Azure environments. Attackers with ...

CVE-2025-48983 | CVSS 9.9 | Oct 31, 2025
This critical vulnerability in Veeam Backup & Replication's Mount service allows authenticated domain users to execute arbitrary code on backup infras...

CVE-2025-60306 | CVSS 9.9 | Oct 10, 2025
Simple Car Rental System 1.0 has a session permission bypass vulnerability that allows low-privilege users to forge high-privilege sessions and perfor...

CVE-2024-39327 | CVSS 9.9 | Feb 18, 2025
This vulnerability in Atos Eviden IDRA (Identity and Access Management solution) allows attackers to bypass access controls and illegitimately obtain ...

CVE-2023-29130 | CVSS 9.9 | Jul 11, 2023
CVE-2023-29130 is a critical privilege escalation vulnerability in Siemens SIMATIC CN 4100 devices where improper access controls in configuration fil...

CVE-2022-20777 | CVSS 9.9 | May 4, 2022
This critical vulnerability in Cisco Enterprise NFV Infrastructure Software allows attackers to escape from guest virtual machines to the host system,...

CVE-2022-20780 | CVSS 9.9 | May 4, 2022
This vulnerability in Cisco Enterprise NFV Infrastructure Software allows attackers to escape from guest virtual machines to the host system, execute ...

CVE-2021-25320 | CVSS 9.9 | Jul 15, 2021
This vulnerability in Rancher allows authenticated users within a cluster to access cloud provider credentials by making requests with ...

CVE-2026-27975 | CVSS 9.8 | Feb 26, 2026
CVE-2026-27975 is an unauthenticated remote code execution vulnerability in the Ajenti server admin panel. Attackers can execute arbitrary code on servers...

CVE-2026-2550 | CVSS 9.8 | Feb 16, 2026
This vulnerability allows remote attackers to upload arbitrary files without restrictions to EFM iptime A6004MX routers via the commit_vpncli_file_upl...

CVE-2025-8025 | CVSS 9.8 | Feb 11, 2026
This vulnerability allows unauthenticated attackers to access critical functions in Dinosoft ERP without proper authentication or access controls. Att...

CVE-2026-24300 | CVSS 9.8 | Feb 5, 2026
This critical vulnerability in Azure Front Door allows attackers to bypass authentication and authorization controls, potentially gaining unauthorized...

CVE-2026-24306 | CVSS 9.8 | Jan 22, 2026
CVE-2026-24306 is an improper access control vulnerability in Azure Front Door that allows unauthorized attackers to elevate privileges over a network...

CVE-2025-65276 | CVSS 9.8 | Nov 26, 2025
This vulnerability allows unauthenticated attackers to directly access the administrative dashboard of HashTech without credentials, granting full adm...

CVE-2025-63218 | CVSS 9.8 | Nov 19, 2025
This vulnerability allows unauthenticated remote attackers to completely compromise Axel Technology WOLF1MS and WOLF2MS devices by accessing the /cgi-...

CVE-2025-63225 | CVSS 9.8 | Nov 18, 2025
The Eurolab ELTS100_UBX device with firmware ELTS100v1.UBX has critical administrative endpoints that lack any authentication. Attackers can remotely ...

CVE-2025-63353 | CVSS 9.8 | Nov 12, 2025
This vulnerability allows attackers to predict the default Wi-Fi password on FiberHome GPON ONU HG6145F1 routers by observing the SSID, using a determ...

CVE-2025-63666 | CVSS 9.8 | Nov 12, 2025
The Tenda AC15 router firmware exposes password hashes in authentication cookies and uses weak session identifiers, allowing attackers to steal and re...

CVE-2025-43027 | CVSS 9.8 | Oct 30, 2025
A critical vulnerability in the ALPR Manager role of Genetec Security Center allows attackers to gain administrative access to the system. This affect...

CVE-2025-27258 | CVSS 9.8 | Oct 13, 2025
Ericsson Network Manager (ENM) versions before 25.1 GA contain an improper access control vulnerability that allows attackers to escalate privileges. ...

CVE-2025-57266 | CVSS 9.8 | Sep 29, 2025
This vulnerability allows unauthenticated attackers to access sensitive information such as API keys through the /api/assistant/list endpoint in ThriveX ...

CVE-2025-50900 | CVSS 9.8 | Aug 25, 2025
This vulnerability in rebuild 4.0.4 allows unauthenticated attackers to bypass authentication by manipulating URL paths. Attackers can access sensitiv...

CVE-2025-29514 | CVSS 9.8 | Aug 25, 2025
This vulnerability allows unauthenticated attackers to download the configuration file of D-Link DSL-7740C routers by sending a specially crafted web ...

CVE-2024-53496 | CVSS 9.8 | Aug 22, 2025
This vulnerability allows unauthenticated attackers to bypass access controls in my-site v1.0.2.RELEASE, potentially accessing sensitive components wi...

CVE-2025-53763 | CVSS 9.8 | Aug 21, 2025
An improper access control vulnerability in Azure Databricks allows unauthorized attackers to elevate privileges remotely. This affects organizations ...

CVE-2024-57155 | CVSS 9.8 | Aug 20, 2025
CVE-2024-57155 is an authentication bypass vulnerability in radar v1.0.8 that allows attackers to access sensitive APIs without valid authentication t...

CVE-2024-57154 | CVSS 9.8 | Aug 20, 2025
This vulnerability allows unauthenticated attackers to bypass authentication in dts-shop v0.0.1-SNAPSHOT by sending a crafted payload to the /admin/au...

CVE-2025-50870 | CVSS 9.8 | Aug 1, 2025
Institute-of-Current-Students 1.0 has an access control vulnerability in the mydetailsstudent.php endpoint that allows attackers to retrieve any stude...

CVE-2025-43232 | CVSS 9.8 | Jul 30, 2025
This CVE describes a permissions vulnerability in macOS that allows applications to bypass certain Privacy preferences. Attackers could potentially ac...

CVE-2025-43192 | CVSS 9.8 | Jul 30, 2025
This CVE describes a configuration bypass vulnerability in macOS that allows account-driven User Enrollment even when Lockdown Mode is enabled. This a...

CVE-2025-43194 | CVSS 9.8 | Jul 30, 2025
This CVE describes a macOS vulnerability where an application can bypass file system protections and modify restricted areas. It affects macOS Ventura...

CVE-2025-43198 | CVSS 9.8 | Jul 30, 2025
This vulnerability allows malicious applications to bypass macOS security protections and access sensitive user data they shouldn't have permission to...

CVE-2025-30133 | CVSS 9.8 | Jul 28, 2025
This vulnerability allows attackers to bypass the pairing/registration requirement on IROAD Dashcam FX2 devices by connecting to the dashcam's Wi-Fi n...

CVE-2025-44654 | CVSS 9.8 | Jul 21, 2025
This vulnerability in Linksys E2500 routers with vsftpd configuration allows attackers to bypass chroot restrictions and access system files. Attacker...

CVE-2023-47031 | CVSS 9.8 | Jun 23, 2025
This vulnerability allows remote attackers to escalate privileges in NCR Terminal Handler v1.5.1 by sending crafted POST requests to specific SOAP API...

CVE-2023-47297 | CVSS 9.8 | Jun 23, 2025
A settings manipulation vulnerability in NCR Terminal Handler v1.5.1 allows attackers to execute arbitrary commands with elevated privileges, includin...

CVE-2024-57190 | CVSS 9.8 | Jun 10, 2025
CVE-2024-57190 is an authentication bypass vulnerability in Erxes that allows attackers to impersonate any user by sending a malicious HTTP header. Th...

CVE-2025-45343 | CVSS 9.8 | May 28, 2025
This vulnerability allows remote attackers to execute arbitrary code on Tenda W18E routers by exploiting improper access control in the account module...

About Improper Access Control (CWE-284)

Our database tracks 1,295 CVEs classified as CWE-284, with 213 rated critical and 547 rated high severity. The average CVSS score for Improper Access Control vulnerabilities is 7.2.

External reference: View CWE-284 on MITRE CWE