CWE-284: Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
All Improper Access Control CVEs (1,308)
This Java security vulnerability allows attackers to bypass sandbox protections in client-side Java deployments. It affects Java SE, GraalVM for JDK, ...
Jan 16, 2024

This vulnerability in Oracle Financial Services Analytical Applications Infrastructure allows authenticated attackers with low privileges to perform u...
Jan 16, 2024

An unauthenticated attacker can access sensitive reports in Juniper Networks Paragon Active Assurance Control Center without logging in, potentially e...
Jan 12, 2024

A denial of service vulnerability in Sealevel Systems SeaConnect 370W's Modbus configuration allows attackers to crash the device by sending specially...
Feb 4, 2022

An authentication bypass vulnerability in Juniper Networks Paragon Active Assurance Control Center allows attackers with specific deployment informati...
Apr 22, 2021

CVE-2026-2164 is an unrestricted file upload vulnerability in detronetdip E-commerce 1.0.0 that allows attackers to upload malicious files to the serv...
Feb 8, 2026

CVE-2026-2133 is an unrestricted file upload vulnerability in code-projects Online Music Site 1.0 that allows attackers to upload malicious files via ...
Feb 8, 2026

CVE-2025-15503 is an unrestricted file upload vulnerability in Sangfor Operation and Maintenance Management System that allows remote attackers to upl...
Jan 10, 2026

This vulnerability allows remote attackers to upload arbitrary files through the signup component in House Rental and Property Listing 1.0. Attackers ...
Jan 7, 2026

This vulnerability in jackying H-ui.admin allows attackers to upload arbitrary files without restrictions via the /lib/webuploader/0.1.5/server/previe...
Jan 2, 2026

This vulnerability allows remote attackers to upload arbitrary files to jackq XCMS systems due to insufficient validation in the upload.php component....
Dec 27, 2025

This vulnerability in campcodes Online Student Enrollment System 1.0 allows remote attackers to upload arbitrary files via the photo parameter in /adm...
Dec 12, 2025

This vulnerability allows remote attackers to upload arbitrary files to the Simple Food Ordering System 1.0 via the photo parameter in /editproduct.ph...
Oct 27, 2025

An improper access control vulnerability in Azure Event Grid allows unauthorized attackers to elevate privileges over a network. This affects Azure Ev...
Oct 23, 2025

This vulnerability allows an authorized attacker with local access to a system running Visual Studio to elevate their privileges beyond what they shou...
Oct 14, 2025

This vulnerability allows remote attackers to upload arbitrary files to the ProjectsAndPrograms School Management System via the /assets/uploadNotes.p...
Oct 13, 2025

This vulnerability allows remote attackers to upload arbitrary files to the ProjectsAndPrograms School Management System via the /assets/uploadSllyabu...
Oct 13, 2025

This vulnerability allows attackers to upload arbitrary files to the ProjectsAndPrograms School Management System via the /assets/createNotice.php end...
Oct 13, 2025

CVE-2025-11656 is an unrestricted file upload vulnerability in ProjectsAndPrograms School Management System that allows attackers to upload malicious ...
Oct 13, 2025

Lavasoft Web Companion (Ad-Aware WebCompanion) versions 8.9.0.1091 through 12.1.3.1037 have an unquoted service path vulnerability in DCIService.exe. ...
Oct 9, 2025

This vulnerability allows unauthenticated attackers to upload arbitrary files to Student Crud Operation systems, leading to remote code execution. It ...
Oct 7, 2025

This vulnerability allows remote attackers to upload arbitrary files to Tipray Data Leakage Prevention System 1.0 via the uploadWxFile.do endpoint. At...
Oct 6, 2025

Campcodes Online Job Finder System 1.0 has an unrestricted file upload vulnerability in the picture upload function of /eris/applicationform.php. This...
Sep 15, 2025

This vulnerability allows remote attackers to upload arbitrary files to the 1000projects Online Student Project Report Submission and Evaluation Syste...
Sep 15, 2025

This vulnerability allows remote attackers to perform unrestricted file uploads via the /api.php endpoint in eCharge Hardy Barth Salia PLCC systems. A...
Sep 13, 2025

This vulnerability allows an authorized attacker with local access to Windows MultiPoint Services to elevate privileges beyond their intended level. I...
Sep 9, 2025

This vulnerability allows remote attackers to upload arbitrary files to SiempreCMS installations via the /docs/admin/file_upload.php endpoint. This ca...
Sep 9, 2025

CVE-2025-9775 is an unrestricted file upload vulnerability in RemoteClinic's staff profile editing functionality. Attackers can upload malicious files...
Sep 1, 2025

CVE-2025-9772 is an unrestricted file upload vulnerability in RemoteClinic's /staff/edit.php endpoint that allows attackers to upload malicious files ...
Sep 1, 2025

This vulnerability allows remote attackers to upload arbitrary files to SourceCodester Human Resource Information System 1.0 via the /Superadmin_Dashb...
Aug 26, 2025

This vulnerability allows attackers to determine valid user accounts on Reolink Smart Doorbell systems by analyzing differences in error messages duri...
Aug 22, 2025

This critical vulnerability in oitcode samarium allows unrestricted file uploads via the Create Product Page component. Attackers can remotely exploit...
Aug 10, 2025

This vulnerability in NVIDIA Display Driver allows attackers to access memory outside permitted bounds in kernel mode. Successful exploitation could l...
Aug 2, 2025

CVE-2025-29556 is an access control bypass vulnerability in ExaGrid EX10 backup appliances that allows authenticated administrators to create or modif...
Jul 31, 2025

This critical vulnerability in Exam Form Submission 1.0 allows remote attackers to upload arbitrary files via the /register.php endpoint. Attackers ca...
Jul 28, 2025

This critical vulnerability in Campcodes Online Movie Theater Seat Reservation System 1.0 allows remote attackers to upload arbitrary files via the 'c...
Jul 13, 2025

CVE-2025-6843 is a critical unrestricted file upload vulnerability in Simple Photo Gallery 1.0 that allows remote attackers to upload arbitrary files ...
Jun 29, 2025

This critical vulnerability in SourceCodester Client Database Management System 1.0 allows remote attackers to upload arbitrary files via the /user_de...
May 19, 2025

This vulnerability in Intel Graphics software allows authenticated local users to potentially cause denial of service by exploiting improper access co...
May 13, 2025

An improper access control vulnerability in Intel Data Center GPU Flex Series drivers for Windows allows authenticated local users to potentially caus...
May 13, 2025

This critical vulnerability in veal98 Echo Community System 4.2 allows remote attackers to upload arbitrary files without authentication via the uploa...
Apr 14, 2025

This vulnerability allows memory corruption in the HAB (Hardware Abstraction Layer) process due to improper access control. Attackers could potentiall...
Apr 7, 2025

This critical vulnerability in Digiwin ERP 5.1 allows remote attackers to upload arbitrary files without restrictions via the DoUpload/DoWebUpload fun...
Mar 24, 2025

This vulnerability allows unauthorized attackers to modify administrator passwords in yimioa software due to improper access control in the WebSecurit...
Mar 18, 2025

This critical vulnerability in LoveCardsV2 allows unauthenticated attackers to upload arbitrary files to the /api/upload/image endpoint, potentially l...
Mar 12, 2025

This vulnerability allows an authenticated attacker on a Windows system to exploit improper access control in the Cross Device Service to gain elevate...
Mar 11, 2025

This vulnerability in Windows Cross Device Service allows an authenticated attacker to escalate privileges on a local system. It affects Windows devic...
Mar 11, 2025

This critical vulnerability in Lumsoft ERP 8 allows remote attackers to upload arbitrary files via the /Api/TinyMce/UploadAjaxAPI.ashx endpoint due to...
Feb 25, 2025

This critical vulnerability in hzmanyun Education and Training System 3.1.1 allows remote attackers to upload arbitrary files without restrictions via...
Feb 21, 2025

This critical vulnerability in needyamin Library Card System 1.0 allows attackers to upload arbitrary files to the /signup.php endpoint, potentially l...
Feb 16, 2025

About Improper Access Control (CWE-284)
Our database tracks 1,308 CVEs classified as CWE-284, with 216 rated critical and 556 rated high severity. The average CVSS score for Improper Access Control vulnerabilities is 7.2.
External reference: View CWE-284 on MITRE CWE →