CWE-284: Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
All Improper Access Control CVEs (1,311)
This vulnerability allows an authenticated attacker to elevate privileges within the Windows Recovery Environment Agent. Attackers could gain SYSTEM-l...
Jan 14, 2025

This CVE describes an improper access control vulnerability in AMD SEV-SNP (Secure Encrypted Virtualization with Secure Nested Paging) that could allo...
Oct 14, 2025

An improper access control vulnerability in Payeer Android app 2.5.0 allows local attackers with root access to bypass PIN verification and change the...
Sep 29, 2025

This vulnerability in Oracle Financial Services Revenue Management and Billing's Chatbot component allows authenticated high-privilege attackers to ma...
Apr 15, 2025

This vulnerability allows editor-privileged users in DDSN Interactive cm3 Acora CMS version 10.1.1 to access sensitive information like administrator ...
Feb 20, 2025

This vulnerability in Oracle Database Server's Java VM component allows unauthenticated attackers with network access via Oracle Net to potentially mo...
Oct 21, 2025

This vulnerability in Oracle Java SE and GraalVM allows an unauthenticated attacker with network access to potentially modify critical data through di...
Oct 21, 2025

An improper access control vulnerability in Intel GPA software allows authenticated local users to potentially cause denial of service. This affects u...
Feb 12, 2025

An unauthenticated attacker can delete music genre entries in Kashipara Music Management System v1.0 via the /music/ajax.php?action=delete_genre endpo...
Sep 16, 2024

This vulnerability allows Mattermost users to link their playbook runs to private channels they don't have access to, bypassing intended access contro...
May 26, 2024

This vulnerability allows unauthenticated remote attackers to bypass access controls on Cisco ASA and FTD firewalls by sending traffic that should be ...
Mar 4, 2026

An improper access control vulnerability in Intel Tiber Edge Platform's Edge Orchestrator software allows unauthenticated attackers on adjacent networ...
Aug 12, 2025

An Improper Access Control vulnerability in EmbedAI 2.1 and earlier allows authenticated attackers to access other users' files by manipulating the FI...
Jan 30, 2025

An authenticated attacker can write messages into other users' chat sessions by manipulating the 'chat_id' parameter in EmbedAI's chat functionality. ...
Jan 30, 2025

This vulnerability allows unauthenticated remote attackers to bypass Cisco Firepower Threat Defense security rules for Ethernet Industrial Protocol tr...
Nov 15, 2024

This vulnerability allows unauthenticated remote attackers to bypass configured IPv4 access control lists on affected Cisco switches when Resilient Et...
Sep 25, 2024

A vulnerability in Cisco Firepower Threat Defense (FTD) software allows attackers to bypass file policies that should block encrypted archive files. U...
May 22, 2024

Mattermost Android mobile apps up to version 2.21.0 have a misconfigured file provider that allows local attackers to access sensitive files. This aff...
Dec 16, 2024

This CVE describes an Improper Access Control vulnerability in Adobe ColdFusion where low-privileged authenticated users can bypass security controls ...
Dec 10, 2025

This vulnerability in Oracle Java SE and GraalVM's 2D component allows an unauthenticated attacker with network access to potentially compromise Java ...
Apr 15, 2025

This vulnerability allows identifying information to leak to Live Caller ID app extensions even when those extensions are disabled. It affects iOS and...
Feb 11, 2026

This vulnerability allows an authorized attacker on a Windows system to access sensitive information through improper access control in the Client-Sid...
Jan 13, 2026

A permissions vulnerability in Apple operating systems allows applications to access sensitive payment tokens without proper authorization. This affec...
Dec 17, 2025

This CVE describes an iOS/iPadOS vulnerability where apps could bypass entitlement checks to access sensitive user data. It affects users running vuln...
Dec 17, 2025

This CVE describes a macOS and Safari vulnerability where insufficient permission checks could allow an application to access sensitive user data. The...
Dec 17, 2025

A permissions vulnerability in macOS allows applications to access sensitive location information without proper authorization. This affects macOS Tah...
Dec 12, 2025

A logic vulnerability in macOS allows applications to bypass access restrictions and read protected user data. This affects macOS Tahoe, Sequoia, and ...
Dec 12, 2025

A permissions vulnerability in macOS allows applications to bypass intended restrictions and access protected user data. This affects macOS Tahoe vers...
Dec 12, 2025

This CVE describes an authorization vulnerability in Apple operating systems where improper state management could allow an application to access sens...
Nov 4, 2025

This vulnerability allows malicious apps to bypass entitlement checks and access sensitive user data on Apple devices. It affects iOS, iPadOS, and mac...
Nov 4, 2025

A sandbox escape vulnerability in macOS allows sandboxed applications to bypass security restrictions and access sensitive user data. This affects mac...
Nov 4, 2025

This CVE describes an improper access control vulnerability in macOS where applications could bypass entitlement checks and access sensitive user data...
Nov 4, 2025

This macOS vulnerability allows applications to access sensitive user data they shouldn't have permission to view. It affects macOS systems running vu...
Nov 4, 2025

A logic vulnerability in macOS allows applications to access user-sensitive data without proper authorization. This affects macOS Sequoia, Tahoe, and ...
Nov 4, 2025

This vulnerability in Oracle PeopleSoft Enterprise PeopleTools allows authenticated high-privilege attackers to modify or read sensitive data via HTTP...
Oct 21, 2025

A logic flaw in macOS allows applications to bypass intended restrictions and access sensitive user data without proper authorization. This affects ma...
Oct 15, 2025

This macOS vulnerability allows malicious applications to bypass symlink protections and access protected user data. It affects macOS systems before v...
Sep 15, 2025

This vulnerability allows unsigned applications to launch on Intel-based Mac computers, potentially enabling malicious apps to access protected user d...
Sep 15, 2025

This CVE describes a sandbox escape vulnerability in macOS that allows malicious applications to bypass security restrictions and access sensitive use...
Sep 15, 2025

This CVE describes a macOS vulnerability where applications could access sensitive user data without proper authorization. It affects macOS systems be...
Sep 15, 2025

This vulnerability allows applications to bypass macOS security protections and access sensitive user data they shouldn't normally be able to reach. I...
Sep 15, 2025

This CVE describes a permissions bypass vulnerability in macOS that allows applications to modify protected areas of the file system. The vulnerabilit...
Sep 15, 2025

A permissions vulnerability in macOS allows applications to bypass security restrictions and access protected user data. This affects macOS systems ru...
Sep 15, 2025

This CVE describes a permissions issue in macOS that could allow malicious applications to access protected user data they shouldn't have permission t...
Sep 15, 2025

A permissions vulnerability in macOS allows applications to bypass security restrictions and access protected user data. This affects macOS systems be...
Sep 15, 2025

A permissions vulnerability in macOS allows applications to access sensitive location information without proper authorization. This affects macOS sys...
Sep 15, 2025

A logic vulnerability in macOS allows applications to bypass intended access controls and access sensitive user data. This affects macOS systems runni...
Sep 15, 2025

This vulnerability in Electron Capture allows local unprivileged users on macOS to bypass TCC privacy protections by setting the ELECTRON_RUN_AS_NODE ...
Aug 5, 2025

This vulnerability allows malicious apps to access sensitive user data on Apple devices due to improper state management. It affects users running old...
May 12, 2025

This vulnerability in Oracle Communications Order and Service Management allows authenticated attackers with low privileges to manipulate data, read r...
Apr 15, 2025

About Improper Access Control (CWE-284)
Our database tracks 1,311 CVEs classified as CWE-284, with 216 rated critical and 558 rated high severity. The average CVSS score for Improper Access Control vulnerabilities is 7.2.
External reference: View CWE-284 on MITRE CWE →