CWE-284: Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
All Improper Access Control CVEs (1,310)
Oct 20, 2025: This vulnerability in SigningHub v8.6.8 allows attackers to bypass access controls and create unlimited user accounts without rate limiting. This can ...
Oct 16, 2025: Webmin 2.510 has a Host Header Injection vulnerability in the password reset functionality that allows attackers to manipulate password reset emails. ...
Sep 15, 2025: This CVE describes a sandbox escape vulnerability in Xcode where malicious applications could read and write files outside their designated sandbox bo...
May 12, 2025: A sandbox escape vulnerability in macOS allows sandboxed applications to bypass security restrictions and access sensitive user data. This affects mac...
Nov 12, 2024: This vulnerability in Visual Studio Code's Remote Extension allows attackers to escalate privileges when connecting to remote workspaces. It affects u...
Nov 12, 2024: This vulnerability in AMI AptioV BIOS allows local attackers to bypass access controls and modify SPI flash memory, potentially installing persistent ...
Nov 7, 2024: This vulnerability in Combodo iTop allows attackers to bypass access controls by specifying arbitrary routes through allowed operations. It affects al...
Jul 1, 2024: This CVE allows low-privileged users without admin or power roles to create notifications in Splunk Web Bulletin Messages that are broadcast to all us...
Feb 19, 2024: This vulnerability in Brivo ACS100 and ACS300 access control systems allows attackers to bypass password recovery protections and gain unauthorized ac...
Feb 14, 2024: An improper access control vulnerability in Intel SUR software allows unauthenticated attackers on the same network segment to potentially cause denia...
Feb 14, 2024: This vulnerability in Intel PROSet/Wireless and Killer Wi-Fi software allows unauthenticated local users to trigger denial of service conditions. It a...
Feb 13, 2024: This vulnerability allows attackers with physical or administrative access to bypass System Management Mode (SMM) protections and access the SPI flash...
Dec 22, 2023: This vulnerability allows authenticated users to claim and access empty AWS accounts by sending malicious API requests with non-existent event IDs and...
Sep 12, 2023: This vulnerability in QMS Automotive's QMS.Mobile module allows attackers to bypass authorization checks, potentially accessing sensitive data, perfor...
Jun 6, 2023: This vulnerability allows memory corruption in the Qualcomm kernel due to improper access control when processing mapping requests from root processes...
May 10, 2023: This vulnerability in Intel Retail Edge Mobile iOS app allows authenticated users with local device access to escalate privileges. It affects iOS user...
May 17, 2022: This vulnerability in NVIDIA GPU Display Driver allows unprivileged users to access privileged kernel registers through the DxgkDdiEscape handler. Thi...
Jan 28, 2022: This vulnerability allows non-administrative users to modify movement detection parameters on Reolink RLC-410W cameras due to incorrect default permis...
Oct 14, 2025: This vulnerability in Azure Connected Machine Agent allows an authenticated attacker with local access to a machine to escalate privileges, potentiall...
May 23, 2025: Tenable Network Monitor versions before 6.5.1 have insecure directory permissions when installed to non-default locations on Windows, allowing local u...
Mar 31, 2025: This CVE describes a macOS sandbox escape vulnerability where malicious applications can bypass sandbox restrictions to access sensitive user data. It...
Oct 7, 2024: An improper access control vulnerability in Solidigm DC Products firmware allows attackers with physical or local access to gain unauthorized access o...
May 16, 2024: This vulnerability in Intel Thunderbolt driver software allows authenticated local users to escalate privileges due to improper access control. It aff...
Aug 8, 2024: This CVE describes an access control vulnerability in Huawei's security verification module that allows unauthorized access to protected resources. Su...
Jan 8, 2026: CVE-2026-21694 is an improper access control vulnerability in Titra time tracking software that allows authenticated users to view and edit other user...
Dec 17, 2025: A privilege boundary violation vulnerability in Radiometer medical analyzers allows users with physical access to bypass access controls and gain unau...
Sep 3, 2025: This vulnerability allows local attackers to bypass access controls in ImsService on Samsung devices, enabling unauthorized use of privileged APIs. It...
Aug 26, 2025: Kapsch TrafficCom RIS-9160 and RIS-9260 Roadside Units contain an unauthenticated EFI shell accessible during boot, allowing attackers to execute arbi...
Aug 13, 2025: This vulnerability allows physical attackers to bypass access controls on INSTAR 2K+ and 4K cameras via the UART interface. Attackers with physical ac...
Apr 12, 2025: This vulnerability in Visual Studio Code allows an authenticated local attacker to bypass access controls and gain elevated privileges on the system. ...
May 3, 2024: This vulnerability allows NetBackup administrators to modify the expiration of Governance mode backups in Veritas NetBackup, potentially causing prema...
Nov 11, 2025: CVE-2025-47179 is an improper access control vulnerability in Microsoft Configuration Manager that allows authenticated attackers to elevate privilege...
Nov 11, 2025: CVE-2025-22391 is an improper access control vulnerability in SigTest software (Ring 3 user applications) that allows authenticated local attackers to...
Jun 28, 2025: This vulnerability allows an attacker with access to the MIB3 infotainment system's main OS to compromise the CPU core responsible for CAN message pro...
Apr 16, 2025: Dell Alienware Command Center versions before 6.7.37.0 have an improper access control vulnerability that allows local low-privileged attackers to ele...
Feb 11, 2025: This CVE describes an improper access control vulnerability in FortiClient for Windows that allows local users to escalate privileges via the FortiSSL...
Nov 13, 2024: This vulnerability in Thunderbolt(TM) Share software allows an authenticated local user to potentially escalate privileges due to improper access cont...
Nov 13, 2024: This vulnerability in JAM STAPL Player software allows authenticated users with local access to potentially escalate privileges. It affects users runn...
Nov 12, 2024: This CVE describes an elevation of privilege vulnerability in Visual Studio that allows authenticated attackers to gain higher privileges than intende...
Oct 7, 2024: An improper access removal handling vulnerability in Solidigm DC Products firmware allows attackers with physical access to bypass security controls a...
Sep 16, 2024: This vulnerability in Intel RAID Web Console software allows authenticated users with local access to escalate privileges. It affects all versions of ...
Jun 11, 2024: This CVE describes an elevation of privilege vulnerability in Visual Studio that allows authenticated attackers to gain higher privileges than intende...
Nov 13, 2025: Dell Alienware Command Center versions before 6.10.15.0 have an improper access control vulnerability that allows local low-privileged attackers to ta...
Mar 31, 2025: This vulnerability allows an attacker with physical access to a locked Apple device to use Siri to access sensitive user data. It affects macOS, iOS, ...
Mar 6, 2026: Chartbrew versions before 4.8.1 have an authorization bypass vulnerability where authenticated users can manipulate charts belonging to other projects...
Feb 10, 2026: This vulnerability allows guest-level authenticated users on TP-Link Tapo C260 v1 cameras to bypass access restrictions by sending crafted requests to...
Feb 3, 2026: CVE-2026-24670 is a broken access control vulnerability in Open eClass (formerly GUnet eClass) that allows authenticated students to create new course...
Feb 3, 2026: CVE-2026-24668 is a broken access control vulnerability in Open eClass (formerly GUnet eClass) course management systems. Authenticated students can a...
Jan 24, 2026: This vulnerability allows authenticated users without proper permissions to download FAQ attachments in phpMyFAQ due to flawed permission checks. It a...
Jan 22, 2026: This vulnerability in Gitea allows authenticated users to modify the visibility settings of other users' OpenID identities due to improper ownership v...
About Improper Access Control (CWE-284)
Our database tracks 1,310 CVEs classified as CWE-284, with 216 rated critical and 557 rated high severity. The average CVSS score for Improper Access Control vulnerabilities is 7.2.
External reference: View CWE-284 on MITRE CWE →