CWE-284: Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
All Improper Access Control CVEs (1,307)
This CVE describes an improper certificate validation vulnerability in UniFi Connect products that allows attackers on the same network to potentially...
May 7, 2024
This vulnerability allows unauthenticated attackers to bypass authentication on affected Mitel SIP phones and conference units. Attackers could modify...
May 2, 2024
This vulnerability in silex technology DS-600 firmware allows remote attackers to retrieve sensitive information via an unauthenticated GET EEP_DATA c...
Apr 15, 2024
This CVE describes a permission control vulnerability in the window module of Huawei/HarmonyOS systems. Successful exploitation could allow unauthoriz...
Apr 8, 2024
This vulnerability allows remote attackers to access all order confirmations from the TradePro v9.5 online shop due to incorrect access control in the...
Apr 4, 2024
Alldata V0.4.6 has insecure permissions that allow low-privileged users (including test accounts) to query information about all users in the system. ...
Apr 2, 2024
This directory listing vulnerability in Customer Support System v1 allows unauthenticated attackers to enumerate directories and access sensitive file...
Mar 1, 2024
This vulnerability in Oracle WebLogic Server allows unauthenticated attackers with network access via T3 or IIOP protocols to access sensitive data. I...
Feb 17, 2024
This vulnerability in Oracle Java SE and GraalVM allows unauthenticated attackers with network access to modify critical data in Java deployments that...
Jan 16, 2024
This vulnerability allows unauthenticated attackers to modify SMB settings on QStar Archive Solutions servers without authentication. It affects QStar...
Jan 13, 2024
This vulnerability allows unauthenticated attackers to access system backups and sensitive information from QStar Archive Solutions servers. It affect...
Jan 13, 2024
This vulnerability in WALLIX Bastion and Access Manager involves incorrect access control that could allow unauthorized users to access sensitive data...
Jan 8, 2024
Relyum RELY-PCIe 22.2.1 devices have a system group misconfiguration that allows unauthorized read access to the operating system's central password h...
Dec 13, 2023
This vulnerability allows unauthenticated attackers to bypass security controls and access ColdFusion administration endpoints (CFM/CFC files). Adobe ...
Nov 17, 2023
This vulnerability in Intel Connectivity Performance Suite's user mode driver allows unauthenticated attackers to potentially access sensitive informa...
Nov 14, 2023
CVE-2023-46759 is a permission control vulnerability in Huawei's call module that allows unauthorized access to sensitive information. Successful expl...
Nov 8, 2023
CVE-2023-46664 is an improper access control vulnerability in Sielco PolyEco1000 that allows attackers to bypass authorization by manipulating user-su...
Oct 26, 2023
Sielco PolyEco1000 devices have an information disclosure vulnerability where unauthenticated remote attackers can access sensitive information via sp...
Oct 26, 2023
CVE-2023-38848 is an information disclosure vulnerability in rmc R Beauty CLINIC Line software that allows remote attackers to access sensitive inform...
Oct 25, 2023
This vulnerability allows attackers with permission to manage PAM propagation scripts in Devolutions Server to retrieve stored passwords via a GET req...
Oct 13, 2023
NVIDIA Cumulus Linux has a VxLAN forwarding vulnerability where specially crafted IPv6 packets may be incorrectly forwarded, potentially exposing netw...
Sep 20, 2023
CVE-2023-40850 is an incorrect access control vulnerability in Netentsec NS-ASG 6.3 that allows attackers to leak sensitive files from the application...
Sep 13, 2023
An incorrect access control vulnerability in PowerJob versions 4.3.2 and earlier allows remote attackers to obtain sensitive information by querying t...
Aug 17, 2023
This vulnerability in pnpm allows attackers to create specially crafted tarballs that appear safe when inspected on npm registry or installed via npm,...
Aug 1, 2023
This vulnerability allows attackers to bypass security controls in Adobe ColdFusion and access administration endpoints without authentication. It aff...
Jul 12, 2023
This vulnerability allows unprivileged remote attackers to download files from SICK FTMg AIR FLOW SENSOR devices via the REST interface using low-priv...
May 15, 2023
This vulnerability allows attackers to bypass security features in Azure Service Connector, potentially gaining unauthorized access to connected resou...
Apr 11, 2023
This vulnerability allows authenticated attackers on the FortiSOAR administrative interface to perform unauthorized actions via crafted HTTP requests....
Mar 7, 2023
This vulnerability allows remote attackers to bypass access controls and download arbitrary files from the directory where SS1 or Rakuraku PC Cloud Ag...
Mar 6, 2023
This vulnerability in Zulip allows deactivated users to access messages when Single Sign-On (SSO) is enabled. It affects Zulip servers running version...
Jul 28, 2022
This vulnerability in Mendix applications allows attackers with access to an active user session to change that user's password without proper validat...
Jul 12, 2022
CVE-2022-31055 is a security misconfiguration vulnerability in kCTF (Kubernetes CTF infrastructure) where the 'kctf cluster set-src-ip-ranges' command...
Jun 13, 2022
CVE-2021-26627 allows remote attackers to access live video feeds without authentication by sending RTSP requests to vulnerable devices. This affects ...
Apr 19, 2022
This vulnerability in Arista EOS platforms allows VXLAN match rules in IPv4 access-lists to ignore specified IP protocols when applied to L2/L3 port i...
Apr 14, 2022
CVE-2020-13677 is an access control vulnerability in Drupal's JSON:API module that allows attackers to bypass intended content restrictions. This affe...
Feb 11, 2022
This vulnerability allows unauthenticated attackers to access privileged logfiles and diagnostic data on Siemens CP-8000 and CP-8021/8022 master modul...
Jan 11, 2022
CVE-2021-26338 is an improper access control vulnerability in AMD's System Management Unit (SMU) that allows attackers to override performance control...
Nov 16, 2021
This vulnerability in the WP DSGVO Tools (GDPR) WordPress plugin allows unauthenticated attackers to delete any post or page on affected websites. Att...
Nov 5, 2021
An improper access control vulnerability in the FirmwareUpgrade component of QSAN Storage Manager allows remote attackers to reboot and disrupt storag...
Jul 7, 2021
This vulnerability allows unauthenticated attackers to trigger a denial-of-service condition in Adobe Experience Manager (AEM) by exploiting improper ...
Jun 28, 2021
CVE-2021-26118 is an access control bypass vulnerability in Apache ActiveMQ Artemis where advisory message creation in the OpenWire protocol bypasses ...
Jan 27, 2021
pgAdmin 9.11 in server mode has a restore restriction bypass vulnerability that allows authenticated attackers to execute arbitrary commands on the ho...
Feb 5, 2026
This vulnerability in Java Secure Socket Extension (JSSE) allows attackers to manipulate or access critical data in Java applications. It affects mult...
Apr 15, 2025
A permissions vulnerability in macOS allows applications to bypass access controls and access protected user data. This affects macOS Ventura, Sequoia...
Mar 31, 2025
A sandbox escape vulnerability in macOS allows sandboxed applications to bypass security restrictions and access sensitive user data. This affects mac...
Mar 31, 2025
CVE-2024-53348 is an incorrect access control vulnerability in LoxiLB load balancer software that allows attackers to bypass authentication mechanisms...
Mar 21, 2025
This vulnerability in Mattermost allows a malicious remote user in a shared channel to overwrite an existing local user's account. This affects Matter...
Aug 1, 2024
This vulnerability involves incorrect access control in Artery AT32F415CBT7 and AT32F421C8T7 microcontroller devices, allowing unauthorized access to ...
Jun 25, 2024
This CVE describes an Improper Access Control vulnerability in Adobe ColdFusion that allows attackers to read arbitrary files from the file system wit...
Mar 18, 2024
This vulnerability in Spring Security allows broken access control when applications directly use AuthenticationTrustResolver.isFullyAuthenticated() w...
Feb 20, 2024
About Improper Access Control (CWE-284)
Our database tracks 1,307 CVEs classified as CWE-284, with 216 rated critical and 555 rated high severity. The average CVSS score for Improper Access Control vulnerabilities is 7.2.