CWE-284: Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Yearly Trend
Top Affected Vendors
All Improper Access Control CVEs (1,293)
May 5, 2025: This vulnerability allows unauthenticated attackers to bypass authentication in hope-boot v1.0.0 by sending a specially crafted GET request to the /us...
May 5, 2025: This vulnerability allows attackers to bypass access controls in yaoqishan's admin API, enabling unauthorized users to gain administrative privileges....
May 1, 2025: This vulnerability allows authenticated users of DataEase to achieve remote code execution through the backend JDBC link functionality. It affects all...
Apr 30, 2025: OpenFGA versions 1.3.6 through 1.8.10 contain an authorization bypass vulnerability in Check and ListObject calls. This allows attackers to bypass per...
Apr 18, 2025: This vulnerability allows attackers to bypass authentication mechanisms in Orban OPTIMOD 5950 systems, granting them Administrator privileges without ...
Apr 7, 2025: A privilege escalation vulnerability in RUoYi v.4.8.0 allows remote attackers to gain administrative privileges. The cancelAuthUserAll method fails to...
Apr 7, 2025: A privilege escalation vulnerability in RUoYi v.4.8.0 allows remote attackers to gain elevated privileges through the /editSave method in SysNoticeCon...
Apr 7, 2025: A privilege escalation vulnerability in RUoYi v.4.8.0 allows remote attackers to gain elevated privileges by manipulating the jobId parameter. This af...
Apr 7, 2025: A privilege escalation vulnerability in RUoYi v.4.8.0 allows remote attackers to gain elevated privileges through the changeStatus method. This affect...
Apr 7, 2025: A privilege escalation vulnerability in RUoYi v.4.8.0 allows remote attackers to gain elevated privileges by exploiting improper validation of the dep...
Mar 31, 2025: This vulnerability allows malicious shortcuts in Apple's Shortcuts app to bypass file access restrictions and read sensitive files that should be inac...
Mar 31, 2025: This macOS vulnerability allows malicious applications to trick users into copying sensitive data to the system clipboard without proper authorization...
Mar 26, 2025: CVE-2025-26010 allows unauthenticated attackers to modify administrator passwords on Telesquare TLR-2005KSH routers by exploiting the admin.cgi parame...
Mar 24, 2025: This vulnerability allows attackers to bypass Shiro-based RBAC controls in OpenDaylight SFC, enabling unauthorized execution of privileged operations....
Mar 18, 2025: This vulnerability allows remote unauthenticated attackers to bypass administrator authentication on FortiMail email security appliances. Attackers ca...
Mar 5, 2025: This vulnerability allows attackers to bypass access controls in Vasion Print (formerly PrinterLogic) due to improper PHP configuration. Attackers can...
Feb 26, 2025: Unifiedtransform v2.X has an improper access control vulnerability where unauthorized users can access and manipulate the teacher/edit/{id} endpoint i...
Dec 12, 2024: The Vayu Blocks WordPress plugin has a critical vulnerability that allows unauthenticated attackers to install and activate arbitrary plugins. This ca...
Oct 4, 2024: CVE-2023-26770 is an authentication bypass vulnerability in TaskCafe where unauthenticated attackers can reset any user's password by knowing their Us...
Sep 20, 2024: This vulnerability in the Arc browser allows attackers to create or update JavaScript boosts using another user's ID due to misconfigured Firebase ACL...
Sep 10, 2024: Loftware Spectrum through version 4.6 has an unprotected JMX Registry, allowing unauthenticated remote attackers to access Java Management Extensions ...
Sep 2, 2024: This vulnerability allows attackers to reset passwords for any user account by exploiting insufficient domain validation in the password reset functio...
Aug 29, 2024: This vulnerability allows unauthenticated attackers to directly call actions in the OutputController of the powermail TYPO3 extension, bypassing acces...
Aug 27, 2024: An incorrect access control vulnerability in Rubrik Cloud Data Management (CDM) allows attackers with network access to bypass authentication and exec...
Aug 23, 2024: An improper access control vulnerability in SonicWall SonicOS management interface allows attackers to bypass authentication and access restricted res...
Aug 20, 2024: eScan Management Console 14.0.1400.2281 has an incorrect access control vulnerability in the acteScanAVReport component that allows unauthorized acces...
Aug 12, 2024: This Broken Access Control vulnerability in Kashipara Online Exam System v1.0 allows unauthenticated remote attackers to directly access administrator...
Aug 7, 2024: This vulnerability in Poly Clariti Manager firmware allows attackers to bypass access controls due to improper implementation. Attackers could gain un...
Jul 30, 2024: CVE-2024-38909 is an incorrect access control vulnerability in elFinder 2.1.64 that allows attackers to copy files with unauthorized extensions betwee...
Jul 26, 2024: This vulnerability allows attackers to bypass authentication and gain administrative privileges on Solar-Log 1000 devices by connecting to the web adm...
Jul 24, 2024: Meshery v0.7.51 has insecure permissions that allow attackers to access the service account's token. This enables privilege escalation and access to s...
Jul 22, 2024: LibreChat through version 0.7.4-rc1 has an access control vulnerability that allows unauthorized users to modify messages belonging to other users. Th...
Jun 27, 2024: CVE-2024-39376 allows unauthorized users to access sensitive information or perform actions beyond their permissions on TELSAT marKoni FM Transmitters...
Jun 25, 2024: This vulnerability in GigaDevice GD32E103C8T6 microcontrollers allows unauthorized access to protected memory regions due to incorrect access control....
Jun 24, 2024: This vulnerability allows remote attackers to bypass authentication in Axiros AXESS Auto Configuration Server (ACS) and execute arbitrary code without...
Jun 6, 2024: CVE-2024-22074 is an incorrect access control vulnerability in Dynamsoft Service that allows unauthorized users to bypass authentication mechanisms. T...
May 23, 2024: An improper access control vulnerability in Prodys' Quantum Audio codec allows unauthenticated attackers to bypass authentication entirely and execute...
May 19, 2024: Westermo EDW-100 serial-to-Ethernet converters have a hidden root account with an unchangeable hardcoded password, allowing attackers to gain full adm...
Apr 30, 2024: This vulnerability allows attackers to bypass access controls on the Shenzhen JF6000 Cloud Media Collaboration Processing Platform. Attackers can pote...
Apr 22, 2024: This vulnerability allows unauthenticated remote attackers to execute arbitrary commands on Apache HugeGraph-Server instances. It affects all Apache H...
Apr 14, 2024: This critical vulnerability in Xiongmai video surveillance devices allows remote attackers to bypass authentication controls via a crafted input to th...
Mar 18, 2024: Siklu TG Terragraph devices have a hardcoded root password that can be discovered via brute force attacks on an MD5 hash. This allows attackers to gai...
Mar 14, 2024: This vulnerability in the ultimateimagetool module for PrestaShop allows remote attackers to bypass access controls, potentially gaining administrativ...
Mar 12, 2024: SINEMA Remote Connect Server versions before V3.2 have improper access control on web service endpoints, allowing attackers to bypass authentication a...
Mar 1, 2024: This vulnerability allows unauthenticated attackers to bypass access controls in Book Store Management System v1, enabling them to access administrati...
Feb 29, 2024: CVE-2023-49930 is an improper access control vulnerability in Couchbase Server that allows unauthenticated attackers to execute arbitrary code via cUR...
Feb 29, 2024: In RWS WorldServer versions before 11.7.3, regular authenticated users can create new user accounts with Administrator privileges through the UserWSUs...
Feb 28, 2024: CVE-2024-25169 allows attackers to bypass access control mechanisms in Mezzanine's admin panel via crafted requests, potentially gaining unauthorized ...
Feb 14, 2024: CVE-2024-24300 is an authentication bypass vulnerability in 4ipnet EAP-767 wireless access points where session cookies remain static across multiple ...
Feb 13, 2024: This vulnerability in Microsoft Entra Jira Single-Sign-On Plugin allows attackers to elevate privileges, potentially gaining unauthorized access to Ji...
About Improper Access Control (CWE-284)
Our database tracks 1,293 CVEs classified as CWE-284, with 212 rated critical and 546 rated high severity. The average CVSS score for Improper Access Control vulnerabilities is 7.2.
External reference: View CWE-284 on MITRE CWE →