CWE-284: Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

Total CVEs: 1,300
Critical: 214
High: 551
Avg CVSS: 7.2
In CISA KEV: 2

Yearly Trend

2026: 121
2025: 669
2024: 305
2023: 121
2022: 36

Top Affected Vendors

1 Microsoft 84
2 Apple 79
3 Oracle 57
4 Intel 32
5 Cisco 21
6 Adobe 20
7 Dell 19
8 Fabian 17
9 Mattermost 12
10 Campcodes 11

All Improper Access Control CVEs (1,300)

CVE-2024-8805
8.8

This vulnerability in BlueZ's HID over GATT Profile allows network-adjacent attackers to execute arbitrary code without authentication by exploiting i...

Nov 22, 2024
CVE-2024-46280
8.8

PIX-LINK LV-WR22 RE3002-P1-01 firmware version V117.0 has a Telnet service enabled with hardcoded root credentials that cannot be changed. This allows...

Sep 30, 2024
CVE-2024-8779
8.8

CVE-2024-8779 is an improper access control vulnerability in OMFLOW software from The SYSCOM Group that allows authenticated users with regular privil...

Sep 16, 2024
CVE-2024-37341
8.8

This vulnerability in Microsoft SQL Server allows authenticated attackers to execute arbitrary code with elevated privileges, potentially gaining full...

Sep 10, 2024
CVE-2024-42023
8.8

This CVE describes an improper access control vulnerability in Veeam software that allows low-privileged users to remotely execute code with Administr...

Sep 7, 2024
CVE-2024-24986
8.8

This vulnerability allows authenticated local users to escalate privileges on systems with affected Intel Ethernet Network Controllers and Adapters. T...

Aug 14, 2024
CVE-2024-40475
8.8

CVE-2024-40475 is an incorrect access control vulnerability in SourceCodester Best House Rental Management System v1.0 that allows unauthorized access...

Aug 12, 2024
CVE-2024-40531
8.8

A mass assignment vulnerability in Pantera CRM allows authenticated users to modify any user attribute, including administrative roles, by injecting p...

Aug 5, 2024
CVE-2024-6737
8.8

This vulnerability allows remote attackers with regular user privileges in the Electronic Official Document Management System from 2100 TECHNOLOGY to ...

Jul 15, 2024
CVE-2024-23663
8.8

This vulnerability allows attackers to create users with elevated privileges on Fortinet FortiExtender devices via crafted HTTP requests. It affects m...

Jul 9, 2024
CVE-2024-37905
8.8

This vulnerability in authentik's API-Access-Token mechanism allows attackers to escalate privileges to full admin access. Any authentik instance runn...

Jun 28, 2024
CVE-2022-45929
8.8

This vulnerability in Northern.tech Mender allows low-privileged read-only users to escalate their privileges by changing their own roles to administr...

Jun 20, 2024
CVE-2023-45217
8.8

This vulnerability in Intel Power Gadget software allows authenticated local users to escalate privileges on Windows systems. Attackers could gain SYS...

May 16, 2024
CVE-2023-40070
8.8

This vulnerability in Intel Power Gadget for macOS allows authenticated local users to escalate privileges due to improper access control. Attackers c...

May 16, 2024
CVE-2022-32507
8.8

This vulnerability allows unprivileged users to execute Bluetooth Low Energy (BLE) commands that should require privileged access on Nuki smart locks....

May 14, 2024
CVE-2024-31759
8.8

This vulnerability in sanluan PublicCMS v4.0.202302.e allows attackers to escalate privileges through the change password function. Attackers can gain...

Apr 16, 2024
CVE-2024-21114
8.8

This vulnerability in Oracle VM VirtualBox allows a low-privileged attacker with local access to the host system to compromise the VirtualBox software...

Apr 16, 2024
CVE-2024-21112
8.8

This vulnerability in Oracle VM VirtualBox allows a low-privileged attacker with local access to the host system to compromise VirtualBox, potentially...

Apr 16, 2024
CVE-2024-21067
8.8

This vulnerability in Oracle Enterprise Manager Base Platform allows a low-privileged attacker with local access to the host to completely compromise ...

Apr 16, 2024
CVE-2024-29837
8.8

This vulnerability allows unauthenticated attackers to access administrator functionality in Evolution Controller's web interface when any user is alr...

Apr 15, 2024
CVE-2024-29993
8.8

This vulnerability in Azure CycleCloud allows authenticated users to elevate their privileges to administrator level, potentially gaining full control...

Apr 9, 2024
CVE-2023-49978
8.8

CVE-2023-49978 is an improper access control vulnerability in Customer Support System v1 that allows non-administrator users to access administrative ...

Mar 21, 2024
CVE-2024-25501
8.8

This vulnerability in WinMail allows remote attackers to execute arbitrary code by sending a crafted script via the email parameter. It affects WinMai...

Mar 9, 2024
CVE-2024-28115
8.8

This CVE describes a privilege escalation vulnerability in FreeRTOS Kernel affecting ARMv7-M and ARMv8-M ports with MPU support enabled. It allows att...

Mar 7, 2024
CVE-2023-38946
8.8

This vulnerability allows attackers to bypass authentication in Multilaser RE160 routers by supplying a specially crafted cookie, granting them comple...

Mar 6, 2024
CVE-2024-27497
8.8

Linksys E2000 router version 1.0.06 build 1 contains an authentication bypass vulnerability in the position.js file that allows attackers to access ad...

Mar 1, 2024
CVE-2024-1632
8.8

CVE-2024-1632 is an improper access control vulnerability in Progress Sitefinity CMS that allows low-privileged backend users to access sensitive admi...

Feb 28, 2024
CVE-2024-25723
8.8

This vulnerability in ZenML Server allows remote attackers to escalate privileges by activating user accounts with only a valid username and new passw...

Feb 27, 2024
CVE-2024-1675
8.8

This vulnerability allows attackers to bypass Chrome's download restrictions via a malicious HTML page, potentially enabling unauthorized file system ...

Feb 21, 2024
CVE-2023-39425
8.8

This vulnerability in Intel DSA software allows authenticated users with local access to potentially escalate privileges due to improper access contro...

Feb 14, 2024
CVE-2024-25677
8.8

This vulnerability in Min browser versions before 1.31.0 allows local HTML files to bypass same-origin policy restrictions and access other local file...

Feb 9, 2024
CVE-2024-24824
8.8

This vulnerability in Graylog allows authenticated users with appropriate permissions to load and instantiate arbitrary Java classes via HTTP PUT requ...

Feb 7, 2024
CVE-2023-50159
8.8

This vulnerability allows attackers to bypass kiosk mode application restrictions in ScaleFusion Windows Desktop App, enabling execution of arbitrary ...

Jan 11, 2024
CVE-2023-32204
8.8

This vulnerability in Intel OFU software allows authenticated users with local access to potentially escalate privileges due to improper access contro...

Nov 14, 2023
CVE-2023-43336
8.8

This CVE describes an access control vulnerability in Sangoma FreePBX CDR module that allows attackers to bypass authorization by modifying parameter ...

Nov 2, 2023
CVE-2023-32632
8.8

This vulnerability allows remote attackers to execute arbitrary commands on Yifan YF325 routers by sending specially crafted network requests to the v...

Oct 11, 2023
CVE-2023-0506
8.8

This CVE describes a privilege escalation vulnerability in ByDemes Group Airspace CCTV Web Service version 2.616.BY00.11. It allows low-privileged att...

Oct 3, 2023
CVE-2023-38132
8.8

The LAN-W451NGR router from LOGITEC CORPORATION has an improper access control vulnerability that allows unauthenticated attackers to log into the tel...

Aug 18, 2023
CVE-2022-41784
8.8

This vulnerability in Intel's OFU software kernel driver allows authenticated local users to bypass access controls and escalate privileges. It affect...

May 10, 2023
CVE-2023-24512
8.8

This vulnerability allows authenticated attackers with gNMI access to modify arbitrary configurations on Arista EOS switches when the Streaming Teleme...

Apr 25, 2023
CVE-2022-47542
8.8

CVE-2022-47542 is an incorrect access control vulnerability in Red Gate SQL Monitor that allows remote attackers to escalate privileges. This affects ...

Mar 30, 2023
CVE-2023-1647
8.8

This CVE describes an improper access control vulnerability in Cal.com (formerly Calendso) scheduling software. It allows unauthorized users to bypass...

Mar 27, 2023
CVE-2022-1025
8.8

CVE-2022-1025 is an improper access control vulnerability in Argo CD that allows authenticated users to escalate privileges to admin level. All Argo C...

Jul 12, 2022
CVE-2022-21182
8.8

This vulnerability allows attackers to escalate privileges on InHand Networks InRouter302 devices by sending specially crafted HTTP requests to the ro...

May 12, 2022
CVE-2021-36775
8.8

CVE-2021-36775 is an improper access control vulnerability in SUSE Rancher that allows users to retain privileges after they should have been revoked....

Apr 4, 2022
CVE-2022-0824
8.8

This vulnerability in Webmin allows attackers to bypass access controls and execute arbitrary code remotely on affected systems. It affects Webmin ins...

Mar 2, 2022
CVE-2021-3967
8.8

This vulnerability in Zulip allows attackers to bypass access controls and potentially access sensitive data or perform unauthorized act...

Feb 26, 2022
CVE-2021-40416
8.8

This vulnerability allows any authenticated user to execute unauthorized Get APIs on Reolink RLC-410W cameras due to incorrect default permissions in ...

Jan 28, 2022
CVE-2022-0270
8.8

CVE-2022-0270 is an authentication bypass vulnerability in bored-agent (the Lens agent that runs inside a Kubernetes cluster) where improper header sanitization allows attackers to...

Jan 25, 2022
CVE-2021-42124
8.8

This vulnerability allows an attacker with access to the Inforail Service in Ivanti Avalanche to perform session takeover, potentially gaining unautho...

Dec 7, 2021

About Improper Access Control (CWE-284)

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

Our database tracks 1,300 CVEs classified as CWE-284, with 214 rated critical and 551 rated high severity. The average CVSS score for Improper Access Control vulnerabilities is 7.2.
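The shape most of the entries above share is a handler that trusts the client to send only the fields and records it is entitled to change, so a low-privileged user can edit another user's record or write an attribute such as their own role (the pattern described for Pantera CRM, Mender and ZenML in the list). The following is an added illustration of that CWE-284 pattern and one way to close it; it is a hypothetical in-memory user service written for this page, not code from any product listed here, and the user records are constructed sample data.

```python
"""CWE-284 worked example (added for this page): a record-update handler
with no authorization check and unrestricted mass assignment, next to a
deny-by-default version. Hypothetical service; constructed sample data."""
from dataclasses import dataclass
from typing import Dict


@dataclass
class User:
    id: int
    name: str
    role: str = "user"  # "user" or "admin"


def make_users() -> Dict[int, User]:
    """Constructed sample records (not from any real system)."""
    return {
        1: User(1, "alice", "admin"),
        2: User(2, "bob"),
        3: User(3, "carol"),
    }


def update_user_vulnerable(users: Dict[int, User], actor_id: int,
                           target_id: int, fields: dict) -> User:
    """The bug: the caller is authenticated, but nothing checks that the
    actor may touch the target record, and every submitted field is
    written. Any user can send {"role": "admin"} for their own id, or
    rename any other user."""
    target = users[target_id]
    for key, value in fields.items():
        setattr(target, key, value)  # mass assignment, no ownership check
    return target


# Allow-lists: what an ordinary user may change on their own record, and
# what an admin may change on any record. Everything else is denied.
SELF_WRITABLE = {"name"}
ADMIN_WRITABLE = {"name", "role"}
VALID_ROLES = {"user", "admin"}


def update_user_hardened(users: Dict[int, User], actor_id: int,
                         target_id: int, fields: dict) -> User:
    """Deny by default: derive the writable field set from the actor's role
    and whether the record is the actor's own, then reject the whole request
    if any submitted field is outside that set. Rejecting, rather than
    silently dropping, makes a probe for role="admin" visible in logs."""
    actor = users[actor_id]
    if target_id not in users:
        raise KeyError(target_id)
    if actor.role == "admin":
        allowed = ADMIN_WRITABLE
    elif actor_id == target_id:
        allowed = SELF_WRITABLE
    else:
        raise PermissionError("actor may not modify this record")
    rejected = set(fields) - allowed
    if rejected:
        raise PermissionError(
            f"fields not writable by this actor: {sorted(rejected)}")
    if "role" in fields and fields["role"] not in VALID_ROLES:
        raise ValueError("unknown role")
    target = users[target_id]
    for key, value in fields.items():
        setattr(target, key, value)
    return target


def denied(users: Dict[int, User], actor_id: int, target_id: int,
           fields: dict) -> bool:
    """True if the hardened handler refuses the request (used to show that
    a refused request also leaves the record unchanged)."""
    try:
        update_user_hardened(users, actor_id, target_id, fields)
    except PermissionError:
        return True
    return False


if __name__ == "__main__":
    u = make_users()
    print(update_user_vulnerable(u, 2, 2, {"role": "admin"}))  # bob is now admin
    u = make_users()
    print(denied(u, 2, 2, {"role": "admin"}), u[2].role)      # True user
```

The check is deliberately made on the server from the actor's identity and role, never from anything the client submits about itself; the field allow-list is the second half of the fix, because an ownership check alone still lets a user mass-assign `role` on their own record.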

External reference: CWE-284 on MITRE CWE (https://cwe.mitre.org/data/definitions/284.html)
