CWE-284: Improper Access Control

The Page Builder: Pagelayer WordPress plugin has an information exposure vulnerability that allows authenticated attackers with Contributor-level acce...

Unifiedtransform 2.0 has an access control vulnerability that allows students to modify exam rules through the /exams/edit-rule endpoint. This affects...

CVE-2025-25617 is an incorrect access control vulnerability in Unifiedtransform 2.X that allows teachers to escalate privileges by creating syllabus c...

This vulnerability allows authenticated WordPress users with Contributor-level access or higher to bypass access controls and view non-public posts (d...

The Education Addon for Elementor WordPress plugin has an Insecure Direct Object Reference vulnerability that allows authenticated attackers with Cont...

The Rank Math SEO WordPress plugin has an authorization vulnerability that allows authenticated users with Contributor-level access or higher to delet...

Adobe Commerce has an improper access control vulnerability (CWE-284) that allows low-privileged attackers to escalate privileges and modify select da...

This vulnerability affects Siemens SCALANCE industrial wireless devices with SNMPv3 configured. It allows authenticated users with 'user' role to impr...

An authenticated attacker with no privileges can perform unauthorized operations on FortiDeceptor central management appliances by sending crafted req...

Adobe Experience Manager versions 6.5.21 and earlier have an improper access control vulnerability that allows low-privileged attackers to bypass secu...

CVE-2024-54038 is an improper access control vulnerability in Adobe Connect that allows low-privileged attackers to bypass security measures. This aff...

A function-level access control vulnerability in Unifiedtransform version 2.0 and earlier allows teachers to modify student personal data without prop...

This vulnerability allows remote attackers to upload arbitrary files to the Free Exam Hall Seating Management System 1.0 via the profile.php image upl...

This vulnerability in Moodle allows authenticated users to view course badge lists for courses they shouldn't have access to. It's an improper access ...

This vulnerability allows authenticated remote attackers within an organization to modify other users' distribution lists in Cisco Webex Meetings. It ...

This vulnerability allows users without proper permissions to create public shelves in Calibre-Web, potentially exposing sensitive book collections. I...

This vulnerability allows low-privileged users without admin or power roles to view App Key Value Store (KV Store) deployment configuration and public...

This CVE describes an Improper Access Control vulnerability in Adobe Commerce that allows low-privileged attackers to bypass security measures. Affect...

CVE-2024-45121 is an Improper Access Control vulnerability in Adobe Commerce that allows low-privileged attackers to bypass security features. This af...

This vulnerability in Jinan Chicheng Company JFlow 2.0.0 allows attackers to bypass access controls in the attachment handler component, potentially e...

This vulnerability allows unauthorized users to bypass IP restrictions for GitLab groups via GraphQL, potentially performing unauthorized group-level ...

This vulnerability in Mattermost exposes remote users' email addresses when shared channels are enabled, even when email visibility is otherwise restr...

This vulnerability in Apollo configuration management system allows authenticated users to bypass permission checks by crafting specific requests. Att...

This vulnerability allows unauthorized remote access to the /Report/ParkCommon/GetParkInThroughDeivces endpoint in Anhui Deshun Intelligent Technology...

This vulnerability allows users on remote Mattermost servers to set arbitrary usernames that sync to local servers when shared channels are enabled. I...

This vulnerability in Nextcloud Deck allows users with access to a deck board to view comments and attachments from deleted cards, bypassing intended ...

This vulnerability allows view-only users in Kibana to abuse the run_soon API to trigger continuous execution of alerting rules. This could lead to re...

Dell Secure Connect Gateway (SCG) versions before 5.24.00.00 have an improper access control vulnerability in an internal update REST API. A remote lo...

This vulnerability in Mattermost allows guest users on channels with linked playbook runs to view all details of those runs when marked as finished. I...

This vulnerability allows guest users in Mattermost to access metadata of public playbook runs linked to channels they are guests in, bypassing intend...

This vulnerability allows authenticated Mattermost users to execute slash commands in channels they don't have access to by linking a playbook run to ...

This vulnerability in Stormshield Network Security (SNS) allows attackers to bypass secure boot protections and restart devices in single-user mode, p...

This vulnerability allows users with enrollment-level edit permissions to create users in organizations they don't belong to or have access to. It aff...

This vulnerability allows certain administrative users in HCL Domino Leap to import applications from the server's filesystem due to improper access c...

This Nextcloud vulnerability allows users who receive shared folders containing blocked files to copy the intermediate folder structure, potentially b...

This CVE describes a misconfiguration vulnerability in Cilium where AWS security group IDs referenced in CiliumNetworkPolicies that don't exist or are...

This CVE describes a cross-user data leak vulnerability in Android's VpnManager component where a logic error allows unauthorized access to VPN config...

This vulnerability in LobeChat allows authenticated users to delete files from any knowledge base without ownership verification due to a commented-ou...

This vulnerability in M-Files Desktop component service allows an authenticated user in one session to move laterally to another user's session, poten...

Gitea versions before 1.25.4 may send release notification emails for private repositories to users whose access has been revoked. This information di...

This CVE describes a permissions vulnerability in macOS that allows applications to monitor keystrokes without proper user authorization. It affects m...

This CVE describes a permissions vulnerability in Xcode that allows applications to bypass macOS Privacy preferences. This affects developers using Xc...

A macOS permissions vulnerability allows applications to access sensitive user data they shouldn't have permission to view. This affects macOS systems...

This CVE describes a logic flaw in Apple's spellcheck API that could allow malicious applications to access files they shouldn't have permission to vi...

A sandbox escape vulnerability in macOS allows malicious applications to bypass intended restrictions and access sensitive user data. This affects mac...

This vulnerability in Keycloak's Admin REST API exposes backend schema and rules due to improper access control. It could allow attackers to gather in...

This vulnerability in Keycloak Admin REST API allows unauthorized users to access sensitive role metadata due to insufficient authorization checks. It...

An input validation vulnerability in iOS/iPadOS allows someone with physical access to a locked device to view photos from the lock screen. This affec...

This vulnerability allows a user to view restricted content from the lock screen on Apple iOS and iPadOS devices due to improper state management. It ...

This vulnerability allows attackers with physical access to a locked macOS device to access contacts from the lock screen. It affects macOS users runn...