CWE-284: Improper Access Control

This vulnerability in GLPI allows authenticated users (and in some cases unauthenticated users) to bypass access controls and interact with, modify, o...

CVE-2023-2946 is an improper access control vulnerability in OpenEMR that allows unauthorized users to access sensitive patient data and administrativ...

This CVE describes an improper access control vulnerability in cloudexplorer-lite that allows unauthorized users to access restricted functionality or...

This vulnerability allows authenticated remote users in Odoo to trigger the creation of demonstration data, including user accounts with known credent...

An improper access control vulnerability in Buffalo network switches allows network-adjacent attackers to access specific files, potentially enabling ...

CVE-2022-2225 allows non-admin users to bypass Cloudflare WARP's Zero Trust security policies by using warp-cli subcommands to disable network interfa...

This CVE describes an OS command injection vulnerability in Node.js that allows attackers to bypass host validation checks and perform DNS rebinding a...

An improper access control vulnerability in PAN-OS allows authenticated GlobalProtect users to access the EC2 instance metadata endpoint on AWS-hosted...

This vulnerability in the Hashthemes Demo Importer WordPress plugin allows any logged-in user to execute database truncation and file deletion functio...

This vulnerability in the wpDataTables WordPress plugin allows authenticated users with low privileges to delete other users' data from shared tables ...

An improper access control vulnerability in Akın Software's QR Menu allows attackers to abuse authentication mechanisms, potentially gaining unauthor...

This vulnerability allows an authorized attacker to execute arbitrary code remotely on systems running vulnerable versions of GitHub Copilot and Visua...

An authenticated low-privileged attacker can remotely access backup archives created by users with elevated permissions in ctrlX OS setup mechanism. T...

This vulnerability allows low-privileged Splunk users without admin or power roles to execute arbitrary code on the server by uploading files to a spe...

This vulnerability allows attackers to bypass authentication on TOTOLINK A8000RU routers by crafting a specific session cookie, granting unauthorized ...

This session hijacking vulnerability in Bosch B426/B429 configuration web pages allows attackers to take over authenticated user sessions. Affected sy...

An improper access control vulnerability in Azure Virtual Machines allows authenticated attackers to perform local spoofing attacks. This affects Azur...

This vulnerability allows a privileged user on affected Intel FPGA systems to escalate their privileges through improper access control in firmware. I...

This vulnerability allows authenticated Windows users with local access to potentially escalate privileges through improper access control in Intel Th...

This vulnerability in Intel PROSet/Wireless WiFi and Killer WiFi software allows a privileged user to escalate privileges via local access due to impr...

A local privilege escalation vulnerability in avanquest Driver Updater allows attackers with local access to gain SYSTEM-level privileges through the ...

Dell PremierColor Panel Driver versions before 1.0.0.1 A01 contain an improper access control vulnerability that allows local low-privileged attackers...

This vulnerability allows an unauthorized attacker to bypass local security features in Microsoft Office Excel, potentially gaining elevated privilege...

This vulnerability in Windows Routing and Remote Access Service (RRAS) allows authenticated attackers to escalate privileges on the local system. Atta...

CVE-2025-64673 is a local privilege escalation vulnerability in the Storvsp.sys driver that allows authenticated attackers to gain SYSTEM-level privil...

This vulnerability allows authenticated read-only SSH users to bypass access controls and gain administrator privileges on affected network management...

This vulnerability allows an authenticated attacker with local access to exploit improper access control in Windows Client-Side Caching (CSC) Service ...

This vulnerability allows an authorized attacker with local access to exploit improper access controls in Microsoft's Customer Experience Improvement ...

This vulnerability allows an application to escape its sandbox restrictions on affected Apple operating systems. It affects users running vulnerable v...

This vulnerability in Azure Connected Machine Agent allows authenticated attackers to escalate privileges on local systems. Attackers with existing ac...

This macOS vulnerability allows malicious applications to escape their sandbox restrictions, potentially accessing system resources or other applicati...

This vulnerability allows malicious applications to escape macOS sandbox restrictions, potentially accessing system resources or user data they should...

This CVE describes a DLL hijacking vulnerability in MongoDB Windows installations where custom installation directories may have improper ACLs, allowi...

This vulnerability allows an authorized attacker with local access to a Windows Hyper-V host to elevate privileges due to improper access control. It ...

An improper access control vulnerability in Azure Windows Virtual Machine Agent allows authenticated attackers to escalate privileges locally on affec...

This vulnerability in Azure File Sync allows an authenticated attacker with local access to elevate privileges on the system. It affects organizations...

The AZIOT 2MP Smart Wi-Fi CCTV camera firmware contains an access control vulnerability that allows local attackers to gain root shell access. This ex...

This vulnerability in Microsoft PC Manager allows authenticated attackers to bypass intended access controls and gain elevated privileges on the local...

A privilege escalation vulnerability in TIA Administrator allows low-privileged users to trigger installations by manipulating cache files and downloa...

This vulnerability in Windows Installer allows authenticated attackers to bypass proper access controls and gain elevated local privileges. It affects...

CVE-2025-47161 is an improper access control vulnerability in Microsoft Defender for Endpoint that allows authenticated attackers to elevate privilege...

This vulnerability allows memory corruption when processing image encoding with a NULL configuration parameter in an IOCTL call. It affects Qualcomm d...

This CVE describes a memory corruption vulnerability in Qualcomm components where incorrect API restrictions allow memory mapping into protected VM ad...

A privilege escalation vulnerability in Synaptics audio drivers allows local authenticated attackers to load arbitrary DLLs into privileged processes....

This Windows kernel vulnerability allows attackers to bypass security features, potentially gaining elevated privileges or executing arbitrary code. I...

This CVE describes a local privilege escalation vulnerability in Wazuh Windows agent where improper ACLs on non-default installation directories allow...

This vulnerability allows attackers to elevate privileges within Microsoft Office applications, potentially gaining higher-level access than intended....

Dell Power Manager versions before 3.17 have an improper access control vulnerability that allows local low-privileged attackers to execute arbitrary ...

This vulnerability in Trend Micro Antivirus One allows attackers to modify product configurations without authorization, potentially disabling securit...

This vulnerability allows authenticated attackers to elevate their privileges within Microsoft SharePoint, potentially gaining administrative access. ...