CWE-284: Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
All Improper Access Control CVEs (1,310)
This vulnerability in Oracle Marketing allows unauthenticated attackers with network access via HTTP to compromise the system. It affects Oracle E-Bus...
Jul 16, 2024

PublicCMS v4.0.202302.e contains an arbitrary file content replacement vulnerability in the /admin/cmsTemplate/replace component. This allows authenti...
Jul 12, 2024

This CVE describes a Cross-Origin Resource Sharing (CORS) policy bypass vulnerability in Google Chrome that allows attackers to bypass discretionary a...
Jun 11, 2024

This vulnerability in Polarion ALM allows authenticated users to bypass project access controls using the Apache Lucene query engine, enabling them to...
May 14, 2024

CVE-2022-24972 is an authentication bypass vulnerability in TP-Link TL-WR940N routers that allows network-adjacent attackers to access stored credenti...
Mar 28, 2023

Nokia SR Linux has an authentication bypass vulnerability in its JSON-RPC service that allows attackers to access the service without valid credential...
Jan 7, 2026

This vulnerability in Oracle Applications Framework allows authenticated attackers with low privileges to perform unauthorized data manipulation (inse...
Jul 15, 2025

This vulnerability in Absolute Persistence® allows attackers with physical device access and full network control to execute operating system command...
May 13, 2025

CVE-2026-3748 is an unrestricted file upload vulnerability in Bytedesk's SVG file handler that allows attackers to upload malicious files without prop...
Mar 8, 2026

This vulnerability allows remote attackers to upload arbitrary files to the sz-boot-parent application via the /api/admin/sys-file/upload API endpoint...
Feb 25, 2026

CVE-2026-2978 is an unrestricted file upload vulnerability in FastApiAdmin's Scheduled Task API that allows remote attackers to upload arbitrary files...
Feb 23, 2026

This vulnerability allows attackers to upload arbitrary files without restrictions to the Great Developers Certificate Generation System via the /rest...
Feb 8, 2026

This vulnerability allows remote attackers to upload arbitrary files without restrictions through the updateAvatar function in guchengwuyue yshopmall....
Feb 8, 2026

This vulnerability allows remote attackers to upload arbitrary files to bolo-solo blog systems due to insufficient validation in the FreeMarker templa...
Feb 4, 2026

This vulnerability in code-projects Online Examination System 1.0 allows attackers to upload arbitrary files to the /admin_pic.php endpoint, potential...
Jan 26, 2026

This vulnerability in EyouCMS allows attackers to perform unrestricted file uploads via manipulation of the 'viewfile' parameter in the Member Avatar ...
Jan 18, 2026

This vulnerability allows remote attackers to upload arbitrary files to xiweicheng TMS systems without proper restrictions. Attackers can exploit this...
Jan 17, 2026

This vulnerability allows remote attackers to upload arbitrary files to JavaMall applications due to insufficient restrictions in the MinioController ...
Jan 5, 2026

CVE-2026-0577 is an unrestricted file upload vulnerability in code-projects Online Product Reservation System 1.0. Attackers can remotely upload malic...
Jan 4, 2026

This vulnerability allows remote attackers to upload arbitrary files via the photo parameter in the student registration page of PHPGurukul Online Cou...
Jan 2, 2026

This vulnerability allows remote attackers to upload arbitrary files via the image parameter in the userprofile.php file of College Notes Uploading Sy...
Dec 29, 2025

This vulnerability allows remote attackers to upload arbitrary files to the moga-mall application by manipulating the objectName parameter in the addP...
Dec 28, 2025

This vulnerability allows remote attackers to upload arbitrary files to the Student File Management System 1.0 via the /save_file.php endpoint. Attack...
Dec 24, 2025

CVE-2025-15009 is an arbitrary file upload vulnerability in ChestnutCMS up to version 1.5.8 that allows attackers to upload malicious files to the ser...
Dec 22, 2025

This vulnerability allows remote attackers to upload arbitrary files to SourceCodester Client Database Management System 1.0 via the /user_leads.php e...
Dec 18, 2025

This CVE describes an unrestricted file upload vulnerability in baowzh hfly's upload_json.php component. Attackers can remotely upload malicious files...
Dec 11, 2025

This vulnerability allows remote attackers to upload arbitrary files to Verysync 微力同步 web administration interface without proper restrictions...
Dec 7, 2025

This vulnerability allows remote attackers to upload arbitrary files to the Employee Profile Management System 1.0 via the /profiling/add_file_query.p...
Dec 7, 2025

This vulnerability in ProudMuBai GoFilm allows attackers to upload arbitrary files without restrictions via the SingleUpload function. It affects all ...
Dec 3, 2025

This vulnerability allows remote attackers to upload malicious files via the /add_book.php endpoint in projectworlds can pass software up to version 1...
Nov 24, 2025

This CVE describes an unrestricted file upload vulnerability in ashraf-kabir travel-agency software affecting the /customer_register.php endpoint. Att...
Nov 23, 2025

This vulnerability allows remote attackers to upload arbitrary files to Jiusi OA systems via the OfficeServer interface. Attackers can exploit this to...
Nov 16, 2025

Bdtask Flight Booking Software 4 contains an unrestricted file upload vulnerability in the agent profile edit functionality. Attackers can remotely up...
Nov 16, 2025

CVE-2025-13061 is an unrestricted file upload vulnerability in itsourcecode Online Voting System 1.0 that allows attackers to upload malicious files t...
Nov 12, 2025

CVE-2025-12862 is an unrestricted file upload vulnerability in projectworlds Online Notes Sharing Platform 1.0. Attackers can upload malicious files v...
Nov 7, 2025

A sandbox escape vulnerability in macOS allows malicious applications to bypass file quarantine restrictions and potentially access system resources o...
Nov 4, 2025

This vulnerability in Sliver's Wireguard netstack allows unrestricted communication between Wireguard clients, enabling compromised implants to attack...
Oct 28, 2025

This vulnerability in MaxSite CMS allows remote attackers to upload arbitrary files without proper restrictions. It affects MaxSite CMS versions up to...
Oct 28, 2025

This vulnerability in MaxSite CMS allows attackers to upload arbitrary files without restrictions by manipulating HTTP headers. It affects all MaxSite...
Oct 28, 2025

This vulnerability in Yonyou U8 Cloud allows attackers to upload arbitrary files without authentication by manipulating request headers. It affects al...
Oct 28, 2025

This vulnerability allows remote attackers to upload arbitrary files to LearnHouse's Course Thumbnail Handler API endpoint. Attackers can exploit this...
Oct 27, 2025

This vulnerability in Bdtask Flight Booking Software allows attackers to upload arbitrary files without restrictions via the Package Information Modul...
Oct 27, 2025

This vulnerability in Oracle PeopleSoft Enterprise FIN Payables 9.2 allows authenticated attackers with network access to modify or delete financial d...
Oct 21, 2025

This vulnerability allows remote attackers to upload arbitrary files to Shenzhen Ruiming Technology Streamax Crocus systems via the /FileDir.do?Action...
Oct 17, 2025

This vulnerability in JhumanJ OpnForm up to version 1.9.3 allows remote attackers to upload arbitrary files without restrictions via the /answer endpo...
Oct 8, 2025

Advanced Library Management System 1.0 contains an unrestricted file upload vulnerability in the edit_book.php file's image parameter. This allows rem...
Oct 8, 2025

Campcodes Advanced Online Voting Management System 1.0 contains an unrestricted file upload vulnerability in the /admin/voters_add.php endpoint. Attac...
Oct 8, 2025

SourceCodester Hotel and Lodge Management System 1.0 has an unrestricted file upload vulnerability in the profile.php image upload function. Attackers...
Oct 7, 2025

This vulnerability allows remote attackers to upload arbitrary files to the Online Hotel Reservation System 1.0 via the /admin/addgalleryexec.php endp...
Oct 7, 2025

CVE-2025-11351 is an unrestricted file upload vulnerability in code-projects Online Hotel Reservation System 1.0. Attackers can upload malicious files...
Oct 7, 2025

About Improper Access Control (CWE-284)
Our database tracks 1,310 CVEs classified as CWE-284, with 216 rated critical and 557 rated high severity. The average CVSS score for Improper Access Control vulnerabilities is 7.2.
External reference: View CWE-284 on MITRE CWE →