CWE-284: Improper Access Control

This critical vulnerability in Blogbook allows remote attackers to upload arbitrary files without restrictions via the image parameter in the admin po...

This critical vulnerability in Realce Tecnologia Queue Ticket Kiosk allows remote attackers to upload arbitrary files without restrictions via the /ad...

This critical vulnerability in H3C SecCenter SMP-E1114P02 allows remote attackers to upload arbitrary files without restrictions via the /safeEvent/im...

CVE-2025-4735 is a critical unrestricted file upload vulnerability in Campcodes Sales and Inventory System 1.0. Attackers can remotely upload maliciou...

This macOS vulnerability allows malicious applications to escape their sandbox restrictions, potentially accessing system resources or other applicati...

CVE-2025-4538 is a critical unrestricted file upload vulnerability in kkFileView 4.4.0 that allows remote attackers to upload arbitrary files to the /...

This critical vulnerability allows remote attackers to upload arbitrary files without restrictions in the feng_ha_ha/megagao ssm-erp and production_ss...

CVE-2025-4291 is a critical unrestricted file upload vulnerability in IdeaCMS's saveUpload function that allows remote attackers to upload malicious f...

This critical vulnerability in Youkefu allows remote attackers to upload arbitrary files without restrictions via the MediaController.java Upload func...

OpenCTI versions 6.4.8 through 6.4.9 contain an authorization bypass vulnerability that allows authenticated users to modify restricted user attribute...

This critical vulnerability in My-BBS 1.0 allows remote attackers to upload arbitrary files without restrictions via the UploadController endpoint. Th...

This critical vulnerability in SourceCodester Web-based Pharmacy Product Management System 1.0 allows remote attackers to upload arbitrary files via t...

This critical vulnerability in SourceCodester Web-based Pharmacy Product Management System 1.0 allows remote attackers to upload arbitrary files via t...

This critical vulnerability in mymagicpower AIAS allows remote attackers to upload arbitrary files without restrictions, potentially leading to remote...

CVE-2025-3324 is a critical unrestricted file upload vulnerability in Nimrod 0.8's FileRestController.java that allows remote attackers to upload arbi...

CVE-2025-3040 is a critical unrestricted file upload vulnerability in Project Worlds Online Time Table Generator 1.0. Attackers can remotely upload ma...

This critical vulnerability in College Management System 1.0 allows remote attackers to upload malicious files via the profile_image parameter in /Adm...

CVE-2025-2952 is a critical unrestricted file upload vulnerability in Bluestar Micro Mall 1.0 that allows attackers to upload arbitrary files to the /...

This critical vulnerability in Digiwin ERP 5.0.1 allows remote attackers to upload arbitrary files via the /Api/TinyMce/UploadAjaxAPI.ashx endpoint. A...

This critical vulnerability in Yue Lao Blind Box software allows remote attackers to upload arbitrary files without restrictions via the base64image f...

This critical vulnerability in LzCMS-LaoZhangBoKeXiTong allows attackers to upload arbitrary files without restrictions via the /admin/upload/upimage....

This critical vulnerability in IROAD Dash Cam FX2 allows unauthenticated attackers on the local network to upload arbitrary files, potentially leading...

This critical vulnerability in s-a-zhd Ecommerce-Website-using-PHP 1.0 allows remote attackers to upload arbitrary files via the name parameter in /cu...

Apache Traffic Server versions 10.0.0 through 10.0.3 contain an improper access control vulnerability (CWE-284) that could allow unauthorized access t...

CVE-2025-1835 is a critical unrestricted file upload vulnerability in osuuu LightPicture 1.2.2 that allows remote attackers to upload arbitrary files ...

This critical vulnerability in zj1983 zz software allows remote attackers to upload arbitrary files without restrictions via the ZfileAction.upload fu...

CVE-2025-1791 is a critical unrestricted file upload vulnerability in Zorlan SkyCaiji 2.9 that allows remote attackers to upload arbitrary files to th...

CVE-2025-1166 is a critical unrestricted file upload vulnerability in SourceCodester Food Menu Manager 1.0. Attackers can remotely upload arbitrary fi...

This critical vulnerability in Shanghai Lingdang Information Technology's Lingdang CRM allows remote attackers to upload arbitrary files without authe...

This vulnerability allows attackers to upload arbitrary files without restrictions through the Change Image Handler component in Online Bike Rental Sy...

This critical vulnerability in SingMR HouseRent 1.0 allows remote attackers to upload arbitrary files without restrictions via the singleUpload/upload...

This vulnerability allows remote attackers to upload arbitrary files without restrictions in ZeroWdd myblog 1.0. Attackers can potentially upload mali...

This critical vulnerability in My-Blog 1.0 allows remote attackers to upload arbitrary files without restrictions via the uploadFileByEditomd function...

This critical vulnerability in ZeroWdd studentmanager 1.0 allows remote attackers to upload arbitrary files via the addTeacher/editTeacher functions. ...

This critical vulnerability in ZeroWdd studentmanager 1.0 allows attackers to upload arbitrary files without restrictions through the addStudent/editS...

This critical vulnerability in Tarzan CMS 1.0.0 allows remote attackers to upload arbitrary files without restrictions via the UploadResponse function...

This critical vulnerability in Portfolio Management System MCA 1.0 allows remote attackers to upload arbitrary files via the /update_pd_process.php en...

This critical vulnerability in Lingdang CRM allows attackers to upload arbitrary files without restrictions via the /crm/wechatSession/index.php endpo...

This critical vulnerability in Codezips Online Institute Management System 1.0 allows remote attackers to upload arbitrary files via the /edit_user.ph...

This vulnerability in Directus allows broken access control when using _in or _nin operators with empty arrays. Attackers can bypass intended permissi...

Aquarius Desktop 3.0.069 for macOS stores user credentials in a local file using weak obfuscation that can be easily reversed, allowing attackers who ...

This CVE describes a permissions bypass vulnerability in macOS Shortcuts that allows shortcuts to access files normally restricted from the Shortcuts ...

phpPgAdmin 7.13.0 and earlier contains an incorrect access control vulnerability that allows attackers to manipulate session variables by controlling ...

An unauthenticated vulnerability in Oracle Applications Manager allows attackers to modify or read limited data by tricking users into interacting wit...

An unauthenticated attacker can exploit this vulnerability in Oracle JD Edwards EnterpriseOne Tools Web Runtime SEC component via HTTP to modify or re...

An unauthenticated attacker can exploit this vulnerability in Oracle Workflow Notification Mailer via HTTP to modify or read data. The attack requires...

An unauthenticated attacker can exploit this vulnerability in Oracle iStore via HTTP to modify or read limited data, requiring interaction from anothe...

This vulnerability in Oracle Universal Work Queue allows unauthenticated attackers with network access via HTTP to compromise the system. It affects O...

This vulnerability in Oracle Business Intelligence Enterprise Edition allows unauthenticated attackers with network access via HTTP to compromise the ...

An unauthenticated attacker can exploit this vulnerability in Oracle Application Object Library via HTTP to modify or read limited data, requiring use...