CWE-284: Improper Access Control

This vulnerability allows authenticated users with local access to Intel NUC devices to bypass UEFI security controls and escalate privileges. It affe...

This vulnerability in the Windows Update Stack allows an authenticated attacker to execute arbitrary code with SYSTEM privileges. It affects Windows s...

CVE-2024-38195 is a remote code execution vulnerability in Azure CycleCloud that allows authenticated attackers to execute arbitrary code on affected ...

This vulnerability allows an authenticated attacker with local access to elevate privileges on Azure Arc-enabled servers. It affects systems running t...

This vulnerability in Enjay CRM OS v1.0 allows attackers to escape the restricted terminal environment and gain root-level privileges on the underlyin...

This vulnerability allows shortcuts on Apple devices to bypass internet permission requirements, potentially enabling unauthorized network access. It ...

This vulnerability allows an attacker to gain elevated privileges on Windows systems through Windows File Explorer. It affects Windows 10, 11, and Ser...

Robotmk versions before 2.0.1 contain a privilege escalation vulnerability where local users can gain SYSTEM privileges when automated Python environm...

This vulnerability in Trend Micro Apex One allows a local attacker with low-privileged access to escalate privileges on affected systems. Attackers co...

This vulnerability in AMD PSP P2C Mailbox V2 SMI handler allows attackers to bypass SPI flash protection and leak/corrupt SMM memory. It affects syste...

This vulnerability in Intel GPA Framework software installers allows authenticated local users to escalate privileges due to improper access control. ...

This vulnerability allows attackers to execute arbitrary code through DLL hijacking in Veritas Backup Exec. Attackers can place malicious DLLs in loca...

This vulnerability in Oracle VM VirtualBox allows a low-privileged attacker with local access to a Linux host to completely compromise the VirtualBox ...

This vulnerability allows authenticated Windows users on affected SKYSEA Client View systems to place arbitrary files in a specific folder. If a malic...

This vulnerability in Intel oneAPI DPC++/C++ Compiler allows authenticated users with local access to potentially escalate privileges. It affects user...

This vulnerability in Dell SupportAssist allows locally authenticated users to escalate privileges and execute arbitrary code with Windows system-leve...

This critical vulnerability in KylinSoft hedron-domain-hook allows local attackers to bypass access controls via the DBus Handler's init_kcm function....

This vulnerability allows authenticated attackers with local access to potentially escalate privileges in systems using affected Intel Aptio V UEFI Fi...

This vulnerability in NVIDIA GPU Display Driver for Windows allows attackers to impersonate clients through named pipe access issues in wksServicePlug...

This vulnerability in Windows Remote Desktop Protocol (RDP) Encoder Mirror Driver allows authenticated attackers to execute arbitrary code with SYSTEM...

This Windows kernel vulnerability allows an authenticated attacker to execute arbitrary code with SYSTEM privileges by exploiting improper access cont...

This vulnerability in Dell Common Event Enabler allows local low-privileged users to bypass access controls and gain elevated privileges on affected W...

This vulnerability allows authenticated local attackers on Cisco ThousandEyes Enterprise Agent virtual appliances to escalate privileges to root by ex...

This vulnerability allows remote attackers to execute arbitrary code on systems running vulnerable Remote Desktop Client software. Attackers can explo...

A local privilege escalation vulnerability in Lenovo Driver Manager allows authenticated local users to execute arbitrary code with SYSTEM/administrat...

This vulnerability allows an authenticated local attacker to escape the Cisco IOx application container and execute arbitrary commands with root privi...

This vulnerability in Wise System Monitor allows local attackers to bypass access controls through improper handling of IoControlCode in the WiseHDInf...

CVE-2023-24485 allows a standard Windows user to escalate privileges to SYSTEM level on computers running Citrix Workspace app. This vulnerability aff...

This vulnerability allows authenticated local attackers on Cisco Virtualized Infrastructure Manager (VIM) to access improperly protected configuration...

CVE-2021-42855 is a local privilege escalation vulnerability in SteelCentral AppInternals Dynamic Sampling Agent (DSA) where an attacker with local ac...

This vulnerability allows local attackers to escalate privileges on Linux systems running Citrix Workspace App with App Protection enabled. An attacke...

This vulnerability in NVIDIA's Linux kernel driver allows improper access control in the nvmap NVGPU_IOCTL_CHANNEL_SET_ERROR_NOTIFIER interface. Attac...

This vulnerability in Cisco Access Points allows authenticated local users to modify files and potentially gain root privileges through improper file ...

This vulnerability in Samsung's FactoryCameraFB app allows untrusted applications to access arbitrary files with elevated privileges due to improper a...

This vulnerability allows untrusted applications to perform local file inclusion attacks in Samsung Members app's webview component. Attackers could a...

This vulnerability allows local attackers to bypass access controls in Samsung's genericssoservice, enabling them to execute protected activities with...

This vulnerability in Adobe ColdFusion installer allows unprivileged users to create files in the default installation directory due to insecure ACL s...

This vulnerability in Adobe Genuine Service allows attackers to exploit improper access control when handling symbolic links, enabling privilege escal...

This vulnerability allows a local attacker with valid account credentials and limited access rights to manipulate specific files in certain folders, p...

This vulnerability allows unprivileged Windows users to achieve arbitrary code execution with SYSTEM privileges by creating a specially-crafted openss...

This vulnerability allows unauthenticated attackers to mark WooCommerce orders as paid without actual payment by reusing valid payment tokens from oth...

A local privilege escalation vulnerability in Lightspeed history service allows unprivileged users on the same system to access and manipulate other u...

An Insecure Direct Object Reference (IDOR) vulnerability in Lunary API versions up to 0.8.8 allows authenticated users to create templates in other us...

An improper access control vulnerability in Hillrom ELI Resting Electrocardiograph devices allows attackers to escalate privileges on affected medical...

This vulnerability in Node.js allows attackers to hook into worker thread creation events via the diagnostics_channel utility, enabling them to access...

SuiteCRM versions before 7.14.5 and 8.6.2 have an insufficient access control vulnerability in the API that allows authenticated attackers to delete r...

This CVE describes an improper access control vulnerability in Huawei's media library module that allows unauthorized access to restricted functionali...

Open Forms versions before 2.2.9/2.3.7/2.4.5/2.5.2 contain a multi-factor authentication weakness where superuser credentials could potentially bypass...

This vulnerability in Nextcloud Server allows a malicious authenticated user to delete any personal or global external storage configuration, making t...

This vulnerability allows a privileged user on a local system to escalate their privileges through improper access control in Intel SSD Toolbox. It af...