CWE-284: Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
All Improper Access Control CVEs (1,311)
This vulnerability allows unauthenticated remote attackers to bypass access control rules on Cisco ASA/FTD firewalls by sending traffic to loopback in...
Aug 14, 2025

An access control vulnerability in 4C Strategies Exonaut allows unauthorized users to access restricted functionality or data. This affects organizati...
Aug 6, 2025

The DocCheck Login WordPress plugin versions up to 1.1.5 contain an authentication bypass vulnerability that allows unauthenticated attackers to read ...
Jul 4, 2025

This CVE describes an Improper Access Control vulnerability in Adobe Commerce that allows attackers to bypass security measures and gain limited write...
Jun 10, 2025

This vulnerability in Oracle Application Object Library allows unauthenticated attackers with network access via HTTP to read sensitive data from Orac...
Apr 15, 2025

This CVE describes an Improper Access Control vulnerability in Adobe Commerce that allows attackers to bypass security measures and gain unauthorized ...
Apr 8, 2025

The Enfold WordPress theme has an authorization bypass vulnerability that allows unauthenticated attackers to export all theme settings. This can expo...
Feb 25, 2025

The ElementsKit Elementor addons plugin for WordPress has an information disclosure vulnerability that allows unauthenticated attackers to view any co...
Feb 19, 2025

The Event Tickets and Registration WordPress plugin has an Insecure Direct Object Reference vulnerability that allows unauthenticated attackers to vie...
Jan 30, 2025

The WP Hotel Booking plugin for WordPress has an authorization bypass vulnerability that allows unauthenticated attackers to add rooms with custom pri...
Jan 17, 2025

The Tutor LMS WordPress plugin vulnerability allows unauthenticated attackers to register user accounts even when site registration is disabled. This ...
Nov 21, 2024

This vulnerability in UEFI firmware for certain Intel server systems allows privileged users to bypass access controls and potentially read sensitive ...
Nov 13, 2024

A vulnerability in ICG.AspNetCore.Utilities.CloudStorage library causes incorrect SAS URI duration generation when users specify durations other than ...
Oct 30, 2024

This vulnerability in Oracle VM VirtualBox allows a low-privileged attacker with local access to compromise the virtualization software, potentially a...
Oct 15, 2024

This vulnerability allows attackers to bypass access controls in the SourceCodester Online Railway Reservation System 1.0 by manipulating the 'id' par...
Sep 29, 2024

An incorrect permission assignment vulnerability in Veeam products allows attackers with local access to modify product configuration files. This coul...
Sep 7, 2024

This TLS protocol vulnerability allows a malicious TLS 1.2 server to force a TLS 1.3 client with downgrade capability to use an unintended ciphersuite...
Aug 27, 2024

An unauthenticated attacker can access student marks data through the /smsa/view_marks.php endpoint in Kashipara Responsive School Management System. ...
Aug 7, 2024

An unauthenticated attacker can access teacher details in Kashipara Responsive School Management System v3.2.0 due to improper access controls on the ...
Aug 7, 2024

An unauthenticated access control vulnerability in Kashipara Responsive School Management System v3.2.0 allows remote attackers to view the administra...
Aug 7, 2024

An unauthenticated attacker can add new subject entries to the Kashipara Responsive School Management System by exploiting incorrect access control in...
Aug 7, 2024

This vulnerability in GitLab allows unauthorized users to view merge request titles that were configured to be visible only to project members. It aff...
Jun 27, 2024

CVE-2023-22250 is an improper access control vulnerability in Adobe Commerce that allows attackers to bypass security features and potentially disrupt...
Mar 27, 2023

A sandbox escape vulnerability in macOS allows malicious applications to bypass security restrictions and access system resources or other application...
Dec 12, 2025

This macOS vulnerability allows malicious applications to escape their security sandbox, potentially accessing system resources or other applications'...
Nov 4, 2025

This CVE describes a file quarantine bypass vulnerability in macOS that allows applications to escape their sandbox restrictions. It affects macOS sys...
Sep 15, 2025

This vulnerability allows attackers to bypass Cisco NX-OS image signature verification, enabling them to load unverified or malicious software onto af...
Dec 4, 2024

CVE-2023-52164 allows unauthenticated attackers to read arbitrary files on Digiever DS-2105 Pro devices via the access_device.cgi endpoint. This affec...
Feb 3, 2025

This CVE describes an improper access control vulnerability in FortiOS that allows an attacker with existing write access to the system to bypass file...
Aug 13, 2024

In Gokapi versions before 2.2.3, registered users without proper privileges can create short-lived API keys with elevated permissions to create or mod...
Mar 6, 2026

This vulnerability allows authenticated users in Devolutions Server to bypass client-side validation and edit permissions they shouldn't have access t...
Jun 5, 2025

An improper access control vulnerability in Intel Tiber Edge Platform's Edge Orchestrator software allows unauthenticated attackers on adjacent networ...
May 13, 2025

This vulnerability in Ansible Automation Platform allows attackers with read-only OAuth2 tokens to escalate privileges and gain write access to API en...
Nov 25, 2024

This vulnerability in Directus allows attackers to bypass localhost access restrictions by using alternative loopback IP addresses like 127.0.0.2 inst...
Sep 18, 2024

This vulnerability in Oracle PeopleSoft Enterprise PeopleTools allows high-privileged attackers with network access via HTTP to gain unauthorized acce...
Oct 21, 2025

This vulnerability allows authenticated attackers to download arbitrary files from AOS-10 GW and AOS-8 Controller/Mobility Conductor systems via the C...
Oct 14, 2025

An authenticated attacker can download arbitrary files from AOS-10 GW and AOS-8 Controller/Mobility Conductor systems through the web management inter...
Oct 14, 2025

This vulnerability allows authenticated attackers to download arbitrary files from AOS-10 GW and AOS-8 Controller/Mobility Conductor systems through t...
Oct 14, 2025

This vulnerability allows authenticated attackers to download arbitrary files from AOS-10 GW and AOS-8 Controller/Mobility Conductor systems via CLI b...
Oct 14, 2025

This vulnerability allows authenticated administrators on EdgeConnect SD-WAN ECOS systems to access sensitive system files they shouldn't have permiss...
Sep 16, 2025

CVE-2025-27702 is a privilege escalation vulnerability in Absolute Secure Access management console where administrators with specific permissions can...
May 28, 2025

This vulnerability in Oracle MySQL Cluster allows high-privileged attackers with network access to cause denial of service by crashing or hanging the ...
Apr 15, 2025

This vulnerability in Oracle MySQL Server's Prepared Statements component allows high-privileged attackers with network access to cause a denial of se...
Apr 15, 2025

This vulnerability in Mercedes-Benz NTG6 head units allows attackers with physical access to Ethernet pins to access the internal vehicle network. Thr...
Feb 13, 2025

A privilege escalation vulnerability in GitLab allows Developer users with the 'admin_compliance_framework' custom role to modify group namespace URLs...
Jul 11, 2024

An improper access control vulnerability in Fortinet FortiADC allows authenticated read-only users to perform unauthorized write actions via crafted H...
Jul 9, 2024

This vulnerability in Oracle MySQL Connector/Python allows low-privileged attackers with network access to potentially access sensitive data through s...
Apr 15, 2025

This vulnerability allows authenticated attackers to tamper with Windows Remote Desktop Services, potentially disrupting legitimate connections or alt...
Oct 8, 2024

This vulnerability in Oracle Java SE's 2D component allows unauthenticated attackers with network access to potentially modify or read some accessible...
Jul 16, 2024

This vulnerability in mingSoft MCMS 6.1.1 allows remote attackers to upload arbitrary files via the /ms/file/uploadTemplate.do endpoint. This unrestri...
Feb 18, 2026

About Improper Access Control (CWE-284)
Our database tracks 1,311 CVEs classified as CWE-284, with 216 rated critical and 558 rated high severity. The average CVSS score for Improper Access Control vulnerabilities is 7.2.