CWE-284: Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
All Improper Access Control CVEs (1,302)
This vulnerability in AnyDesk allows a remote user with 'Control my device' permission to modify settings and set a Full Access password without confi... (Nov 6, 2025)
This vulnerability allows malicious macOS/iOS apps to escape their sandbox restrictions, potentially accessing system resources or other apps' data. I... (Sep 15, 2025)
An improper access control vulnerability in Microsoft Power Pages allows unauthorized attackers to bypass user registration controls and elevate privi... (Feb 19, 2025)
This vulnerability in Intel Graphics Driver installers allows authenticated local users to escalate privileges on affected systems. Attackers could ga... (Feb 12, 2025)
This vulnerability allows authenticated attackers to elevate their privileges within Microsoft SharePoint, potentially gaining administrative access. ... (Dec 12, 2024)
This vulnerability in Intel EMA software allows authenticated users with local access to potentially escalate privileges due to improper access contro... (Nov 13, 2024)
Insecure permissions in the Bluetooth Low Energy (BLE) component of the Fire-Boltt Artillery Smart Watch NJ-R6E-10.3 allow attackers to cause a Denial... (Oct 8, 2024)
An improper access control vulnerability in Baxter Connex health portal allows unauthenticated attackers to gain unauthorized database access and modi... (Sep 9, 2024)
This vulnerability allows attackers with kernel-level access to bypass AMD's System Management Mode (SMM) ROM protections, potentially enabling firmwa... (Jun 18, 2024)
This vulnerability allows attackers to cause a Denial of Service (DoS) in Tormach xsTECH CNC routers by overwriting the Hostmot2 configuration cookie ... (Apr 22, 2024)
This vulnerability in Mbed TLS and Mbed Crypto allows attackers to potentially access sensitive cryptographic data or cause denial of service through ... (Mar 29, 2024)
This vulnerability in Intel Thunderbolt DCH drivers for Windows allows authenticated local users to escalate privileges due to improper access control... (Feb 14, 2024)
This vulnerability allows attackers to escape the Artemis Java Test Sandbox by loading untrusted native libraries via System.load or System.loadLibrar... (Jan 19, 2024)
This vulnerability allows a privileged user with local access to bypass access controls in Intel Aptio V UEFI Firmware Integrator Tools, potentially e... (Nov 14, 2023)
CVE-2023-30969 is an authentication/authorization bypass vulnerability in Palantir Tiles1 service where API endpoints lack proper access controls. Thi... (Oct 26, 2023)
This vulnerability allows unauthenticated remote attackers to download and upload arbitrary files via anonymous FTP access to SICK APU devices. It aff... (Oct 9, 2023)
This vulnerability allows a privileged user on a Windows system with affected Intel WiFi software to escalate their privileges locally. It affects sys... (Aug 11, 2023)
This vulnerability allows a privileged user on a local system to escalate privileges through improper access control in Intel PROSet/Wireless WiFi and... (Aug 11, 2023)
This vulnerability in Intel SUR software allows authenticated local users to escalate privileges due to improper access control. Attackers could gain ... (May 10, 2023)
This Moodle vulnerability allows remote attackers to set the 'start page' preference for other users, bypassing intended access controls. Attackers ca... (Feb 17, 2023)
Axigen Mail Server versions before 10.5.57 contain an improper access control vulnerability in the WebAdmin interface. A delegated admin account with ... (Feb 5, 2026)
OpenSlides versions before 4.2.29 have an authentication bypass vulnerability where users synced via external SAML identity providers can be logged in... (Feb 4, 2026)
This vulnerability allows authenticated attackers with customer-level permissions or higher to access and modify other vendors' store settings in the ... (Jan 20, 2026)
OpenSIS 9.2 and below contains an incorrect access control vulnerability in Student.php that allows authenticated low-privilege users to perform unaut... (Dec 9, 2025)
This vulnerability in SuperDuper! v3.10 allows attackers to escalate privileges to root through improper access control in the SDAgent component. The ... (Dec 1, 2025)
This vulnerability in Oracle Essbase Web Platform allows authenticated attackers with low privileges to remotely manipulate or access critical data vi... (Oct 21, 2025)
phpMyFAQ versions 4.0-nightly-2025-10-03 and below allow multiple user accounts to be registered with the same email address due to missing uniqueness... (Oct 3, 2025)
The mcp-database-server fails to properly enforce read-only mode, allowing attackers to execute unauthorized database operations. This affects users o... (Sep 16, 2025)
CVE-2025-56274 is an access control vulnerability in SourceCodester Web-based Pharmacy Product Management System 1.0 that allows low-privileged users ... (Sep 15, 2025)
This vulnerability allows users without proper delete privileges to bypass access controls and delete products via the mass-delete endpoint in UnoPim.... (Aug 22, 2025)
This vulnerability in Oracle Universal Work Queue allows authenticated attackers with low privileges to perform unauthorized data manipulation (create... (Jul 15, 2025)
An improper access control vulnerability in Microsoft Azure allows unauthorized attackers to access and disclose sensitive information over the networ... (May 8, 2025)
This vulnerability in Oracle PeopleSoft Enterprise CC Common Application Objects allows authenticated attackers with low privileges to perform unautho... (Apr 15, 2025)
CVE-2024-44313 is an incorrect access control vulnerability in TastyIgniter 3.7.6 that allows unauthorized users to access and generate invoices witho... (Mar 18, 2025)
This vulnerability allows authenticated users in Devolutions Server to bypass browser extension restrictions, potentially enabling malicious browser e... (Mar 13, 2025)
This vulnerability allows attackers to bypass access controls in Serosoft Academia SIS EagleR v1.0.118, enabling them to create and modify user accoun... (Mar 3, 2025)
An improper access control vulnerability in Odoo's auth_oauth module allows internal users to export OAuth tokens belonging to other users. This affec... (Feb 25, 2025)
Sage DPW versions before 2024_12_001 have an improper access control vulnerability where server-side role checks are inconsistently enforced. Low-priv... (Feb 18, 2025)
Adobe Commerce has an improper access control vulnerability that allows low-privileged attackers to bypass security measures and gain unauthorized acc... (Feb 11, 2025)
This vulnerability in vaultwarden allows an attacker who is an owner/admin of one organization to gain owner rights over another organization by knowi... (Jan 27, 2025)
This vulnerability in Open Virtual Network (OVN) allows specially crafted UDP packets to bypass egress access control lists (ACLs), potentially enabli... (Jan 23, 2025)
This vulnerability in GLPI allows authenticated users to delete any user account via a specific application endpoint. It affects GLPI versions 10.0.0 ... (Dec 11, 2024)
An unauthenticated attacker can exploit inadequate access controls in Mitel MiContact Center Business's legacy chat component to access sensitive info... (Oct 1, 2024)
TestLink 1.9.20 has an access control vulnerability in the TestPlan editing function that allows users with minimal privileges to view and modify all ... (Sep 27, 2024)
CVE-2024-45170 is an improper access control vulnerability in za-internet C-MOR Video Surveillance software that allows low-privileged users to perfor... (Sep 4, 2024)
Kamaji versions 1.0.0 and earlier have an RBAC misconfiguration that allows Kubernetes control plane API servers to access and manipulate data from ot... (Aug 12, 2024)
This vulnerability allows attackers to execute arbitrary code or commands on Fortinet FortiManager devices through specially crafted HTTP requests due... (Mar 12, 2024)
The Cloudflare WordPress plugin has an improper authentication vulnerability that allows attackers with lower-privileged WordPress accounts to access ... (Jan 29, 2024)
This vulnerability in Nokia WaveLite products allows local users to create new administrative accounts by manipulating web requests when security hard... (Oct 4, 2023)
This authentication bypass vulnerability in Open Automation Software OAS Platform allows attackers to gain unauthorized access by sending specially-cr... (Sep 5, 2023)
About Improper Access Control (CWE-284)
Our database tracks 1,302 CVEs classified as CWE-284, with 214 rated critical and 552 rated high severity. The average CVSS score for Improper Access Control vulnerabilities is 7.2.
External reference: View CWE-284 on MITRE CWE →