CWE-284: Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
All Improper Access Control CVEs (1,300)
Oct 26, 2023: Sielco PolyEco1000 devices have an authentication bypass vulnerability where attackers can modify passwords in POST requests to gain administrative ac...
Oct 26, 2023: This vulnerability allows attackers to brute-force weak session IDs, potentially hijacking authenticated sessions and bypassing authentication control...
Oct 25, 2023: CVE-2023-44794 is a critical privilege escalation vulnerability in Dromara SaToken authentication framework. Remote attackers can send crafted payload...
Oct 11, 2023: An authentication bypass vulnerability in the httpd nvram.cgi functionality of Yifan YF325 routers allows unauthenticated attackers to execute arbitra...
Oct 9, 2023: The HP LIFE Android mobile application contains improper access control vulnerabilities that could allow attackers to escalate privileges or access se...
Sep 29, 2023: This vulnerability allows remote unauthorized attackers to connect to SICK SIM1012 devices, change configuration settings, reset the device, or upload...
Sep 11, 2023: This vulnerability allows remote attackers within Wi-Fi range to derive the default WPA2-PSK password by analyzing beacon frames from affected ARRIS m...
Sep 8, 2023: This vulnerability allows unauthenticated attackers to register administrator accounts in Crypto Currency Tracker (CCT) by sending a specially crafted...
Sep 1, 2023: CVE-2023-4696 is an improper access control vulnerability in the memos self-hosted note-taking software that allows unauthenticated attackers to bypas...
Jul 10, 2023: This vulnerability allows unauthenticated attackers to remotely compromise customer-managed ShareFile StorageZones Controllers. It affects organizatio...
Apr 30, 2023: CVE-2023-2429 is an improper access control vulnerability in phpMyFAQ that allows attackers to bypass authentication and gain unauthorized access to a...
Apr 21, 2023: PowerJob V4.3.1 has an incorrect access control vulnerability that allows attackers to bypass authentication and execute arbitrary code remotely. This...
Apr 20, 2023: CVE-2023-27350 is an authentication bypass vulnerability in PaperCut NG/MF that allows unauthenticated remote attackers to gain SYSTEM-level access an...
Mar 15, 2023: CVE-2023-24468 is a broken access control vulnerability in NetIQ Advanced Authentication that allows attackers to bypass authentication mechanisms. Th...
Feb 15, 2023: This vulnerability allows unauthenticated attackers to send malicious packets via the XGT protocol to LS ELECTRIC XBC-DN32U PLCs, enabling complete co...
Feb 15, 2023: This vulnerability allows an operating system to reinitialize a disabled root complex in Ampere Altra and AltraMax processors, bypassing intended secu...
Feb 8, 2023: This vulnerability allows attackers to bypass access controls in Answerdev Answer software versions prior to 1.0.4, potentially leading to account tak...
Jun 24, 2022: This vulnerability allows attackers with weak credentials to access TCP ports via open FTP ports, enabling them to read sensitive files and write to r...
May 13, 2022: CVE-2022-22282 is an improper access control vulnerability in SonicWall SMA1000 series firmware that allows unauthorized actors to access restricted r...
Apr 25, 2022: The flo-launch WordPress plugin before version 2.4.1 contains an improper access control vulnerability that allows attackers to inject malicious code ...
Mar 11, 2022: CVE-2022-23730 is an API access control bypass vulnerability in LG webOS TV software that allows attackers to bypass authentication mechanisms and gai...
Mar 8, 2022: This vulnerability in Mendix Forgot Password Appstore module allows attackers to hijack arbitrary user accounts through the sign-up flow. All Mendix a...
Feb 11, 2022: CVE-2020-13675 is a critical access bypass vulnerability in Drupal's JSON:API and REST/File modules that allows attackers to upload files without prop...
Dec 15, 2021: CVE-2021-4119 is an improper access control vulnerability in BookStack that allows unauthenticated attackers to bypass authentication and gain adminis...
Dec 15, 2021: This vulnerability allows unauthenticated attackers to modify WordPress options, potentially leading to full website compromise. It affects WordPress ...
Oct 22, 2021: CVE-2021-38457 allows attackers to establish sessions with vulnerable servers without providing any authentication credentials. This affects industria...
Sep 23, 2021: CVE-2021-22941 is an improper access control vulnerability in Citrix ShareFile storage zones controller that allows unauthenticated attackers to remot...
Jul 8, 2021: CVE-2021-28809 is an improper access control vulnerability in legacy versions of QNAP HBS 3 backup software. If exploited, attackers can compromise th...
Apr 14, 2021: This vulnerability allows unauthenticated remote attackers to escalate privileges from Guest to Administrator on SolarWinds Orion Platform installatio...
Apr 12, 2021: This vulnerability allows unauthenticated attackers to access WordPress admin customization and settings pages through the Controlled Admin Access plu...
Nov 19, 2020: CVE-2020-7561 is a critical authentication bypass vulnerability in Schneider Electric's Easergy T300 firmware that allows unauthenticated attackers to...
Nov 6, 2020: This vulnerability allows an unauthenticated remote attacker to execute unsigned code during the PXE boot process on affected Cisco IOS XR devices. At...
Jul 1, 2020: This improper access control vulnerability in QNAP's Helpdesk software allows attackers to gain control of the Kayako service using API keys, potentia...
Dec 1, 2025: Blood Bank Management System 1.0 contains an improper access control vulnerability in delete.php that allows authenticated attackers to perform action...
Nov 14, 2025: An incorrect access control vulnerability in Desktop Alert PingAlert's Application Server allows remote attackers to escalate privileges. This affects...
Jun 26, 2025: This vulnerability in the Arc browser for Windows allows websites with previously granted permissions to add new permissions when users click anywhere...
Mar 20, 2025: A Cross-Site WebSocket Hijacking vulnerability in automatic1111/stable-diffusion-webui version 1.10.0 allows attackers to hijack WebSocket connections...
Aug 20, 2024: This vulnerability allows authenticated attackers to escalate privileges in Azure Managed Instance for Apache Cassandra, potentially gaining administr...
Jul 23, 2024: CVE-2024-38164 is an improper access control vulnerability in GroupMe that allows unauthenticated attackers to elevate privileges by tricking users in...
Jul 11, 2024: This vulnerability in GitLab allows an attacker to trigger CI/CD pipelines as another user under specific conditions, potentially executing unauthoriz...
Jun 27, 2024: This vulnerability in GitLab allows an attacker to trigger CI/CD pipelines as another user under specific conditions, potentially executing unauthoriz...
Feb 19, 2024: This vulnerability in eProsima Fast DDS allows attackers to forcibly disconnect subscribers and prevent new connections by sending unencrypted disconn...
Mar 1, 2024: CVE-2024-21767 allows remote attackers to bypass access controls on Commend WS203VICM intercom systems by sending specially crafted malicious requests...
Dec 19, 2023: EuroTel ETL3100 devices running vulnerable firmware versions allow unauthenticated attackers to download configuration files and logs containing sensi...
Sep 19, 2023: Devices ekorCCP and ekorRCI from Ormazabal are vulnerable due to FTP services using default credentials. This allows attackers to modify critical file...
May 11, 2023: Rockwell Automation Kinetix 5500 drives manufactured between May 2022 and January 2023 with firmware v7.13 have telnet and FTP ports open by default, ...
Feb 13, 2024: This vulnerability in Microsoft Azure Site Recovery allows authenticated attackers to elevate privileges within the Azure environment, potentially gai...
Feb 4, 2022: This vulnerability allows remote attackers to cause denial of service in Sealevel Systems SeaConnect 370W devices by sending specially crafted network...
Apr 7, 2021: CVE-2021-21425 is an unauthenticated remote code execution vulnerability in Grav Admin Plugin that allows attackers to execute arbitrary methods witho...
Sep 17, 2020: CVE-2020-8028 is an improper access control vulnerability in SUSE Manager components that allows local users to escalate privileges to root on managed...
About Improper Access Control (CWE-284)
Our database tracks 1,300 CVEs classified as CWE-284, with 214 rated critical and 551 rated high severity. The average CVSS score for Improper Access Control vulnerabilities is 7.2.
External reference: View CWE-284 on MITRE CWE →