CWE-284: Improper Access Control

This critical vulnerability in needyamin Library Card System 1.0 allows attackers to upload arbitrary files to the /signup.php endpoint, potentially l...

CVE-2024-57378 is a broken access control vulnerability in Wazuh SIEM 4.8.2 that allows unauthorized creation of internal users without proper role as...

This vulnerability in Visual Studio Code's JS Debug Extension allows attackers to escalate privileges when debugging JavaScript applications. It affec...

This critical vulnerability in Lumsoft ERP 8 allows remote attackers to upload arbitrary files without restrictions via the DoUpload/DoWebUpload funct...

This CVE describes an elevation of privilege vulnerability in Visual Studio that allows authenticated attackers to gain higher privileges than intende...

This critical vulnerability in Blog Botz for Journal Theme 1.0 on OpenCart allows remote attackers to upload arbitrary files without restrictions via ...

CVE-2024-12233 is a critical unrestricted file upload vulnerability in code-projects Online Notice Board that allows attackers to upload malicious fil...

This vulnerability allows unauthenticated remote attackers to execute arbitrary code on Allegra installations due to improper access control in Struts...

The MStore API WordPress plugin allows unauthenticated attackers to create user accounts even when user registration is disabled. This affects all Wor...

This vulnerability in AMD μProf allows authenticated attackers to trigger an out-of-bounds write through insufficient IOCTL input validation, potenti...

This Windows Update vulnerability allows attackers with basic user privileges to elevate privileges by tricking administrators into performing system ...

This vulnerability in Oracle VM VirtualBox allows a low-privileged local attacker to gain complete control over the virtualization software when a use...

CVE-2024-26203 is an elevation of privilege vulnerability in Azure Data Studio that allows authenticated users to gain higher privileges than intended...

This vulnerability in Intel HotKey Services for Windows 10 on Intel NUC P14E Laptop Element allows authenticated local users to potentially cause deni...

This critical vulnerability in the Byzoro Smart S150 Management Platform allows attackers to bypass access controls via the /useratte/inc/userattea.ph...

Dell Command | Monitor versions before 10.10.0 contain an improper access control vulnerability that allows a local standard user to escalate privileg...

Dell Command | Configure versions before 4.11.0 have an improper access control vulnerability that allows local malicious users to modify files during...

A standard user account in Fuji Electric Tellus Lite can overwrite system files due to improper access control. This affects organizations using vulne...

This vulnerability in Dell OS Recovery Tool allows local authenticated non-administrator users to bypass access controls and gain elevated privileges ...

This vulnerability in Intel In-Band Manageability software allows authenticated local users to escalate privileges due to improper access control. It ...

This vulnerability in Dell OpenManage Server Administrator allows local low-privileged users to execute arbitrary code and elevate privileges due to i...

This vulnerability in Dell AppSync's Embedded Service Enabler component allows a local malicious user to escalate privileges during installation. It a...

CVE-2023-3039 is an improper access control vulnerability in SD ROM Utility that allows low-privileged users to execute arbitrary code with limited ac...

This vulnerability in Intel Unison software allows a privileged user to potentially escalate privileges through network access. It affects systems run...

This vulnerability in Intel VROC software allows authenticated users with local access to potentially escalate privileges due to improper access contr...

The Cloudflare WARP client for Windows had an insecure IPC Named Pipe that allowed unauthorized remote access. This enabled attackers to trigger WARP ...

This critical vulnerability in Ruijie RG-EW1200G wireless access points allows remote attackers to bypass authentication and gain administrative acces...

This vulnerability in Dell OS Recovery Tool allows local authenticated non-administrator users to elevate their privileges on the system. It affects v...

This vulnerability allows attackers to bypass access controls in the Online Food Ordering System 2.0 by manipulating the /fos/admin/ajax.php?action=sa...

This vulnerability in SourceCodester Music Gallery Site 1.0 allows attackers to bypass access controls via the Users.php file's POST request handler. ...

This vulnerability allows unauthenticated attackers to access sensitive endpoints in Fresenius Kabi Agilia Link+ medical infusion systems without any ...

This vulnerability in Insulet Omnipod Insulin Management System insulin pumps allows attackers to intercept or modify wireless RF communications due t...

CVE-2020-2506 is an improper access control vulnerability in QNAP QTS Helpdesk that allows attackers to bypass security controls. If exploited, attack...

This vulnerability allows attackers to bypass Coturn's IP address restrictions by using IPv4-mapped IPv6 addresses. Attackers can send CreatePermissio...

A critical vulnerability in Oracle ZFS Storage Appliance Kit's Block Storage component allows authenticated high-privilege attackers with network acce...

This vulnerability in Oracle Solaris 11's filesystem component allows a high-privileged attacker with local access to potentially take over the system...

This vulnerability in Microsoft Defender for IoT allows authenticated attackers to elevate privileges within the system. Attackers could gain higher-l...

This vulnerability allows attackers with admin or manager roles in Anything LLM to create new admin users without proper backend authentication, enabl...

This vulnerability in VitalPBX allows attackers to execute arbitrary code by uploading crafted payloads to the /var/lib/vitalpbx/scripts folder. It af...

This vulnerability allows administrators with existing access to bypass multi-factor authentication in Serv-U FTP server software. Attackers who alrea...

This vulnerability allows attackers with administrator access to Serv-U to bypass multi-factor authentication (MFA/2FA). It affects Serv-U 15.4 instal...

This vulnerability allows a privileged user on a local system to exploit improper access control in Intel's OFU kernel mode driver, potentially enabli...

This vulnerability in Zulip Server allows multi-use invitations created in one organization to be used to join any other organization on the same depl...

This vulnerability allows authorized users to execute arbitrary code on the server by accessing a specific webpage in Schneider Electric's EcoStruxure...

This CVE describes an access control list (ACL) bypass vulnerability in Pacemaker cluster resource manager. Attackers with local accounts in the hacli...

This vulnerability in Frappe framework allows authenticated users to share documents with permissions they don't possess, potentially granting unautho...

This CVE describes a sandbox escape vulnerability in multiple Apple operating systems where an app can bypass its security restrictions. It affects us...

This vulnerability allows authenticated attackers to modify the behavior of arbitrary LibreChat agents by uploading files to file contexts or file sea...

An Insecure Direct Object Reference vulnerability in Bagisto eCommerce platform allows authenticated customers to add items from other customers' orde...

CVE-2025-66736 is an authorization bypass vulnerability in youlai-boot V2.21.1 where the importUsers function lacks proper permission checks. This all...