CWE-285: Improper Authorization
[Charts: Yearly Trend; Top Affected Vendors]
All CWE-285 CVEs (303)
Mar 2, 2024: This CVE describes an improper authorization vulnerability in HikCentral Professional where insufficient server-side validation allows attackers to ac...
Oct 13, 2023: CVE-2023-38220 is an improper authorization vulnerability in Adobe Commerce (formerly Magento) that allows attackers to bypass security controls and a...
Sep 15, 2023: This vulnerability in the Network Observability plugin for OpenShift console allows authentication bypass when Loki authToken configuration is not set...
Sep 5, 2023: This vulnerability allows an attacker to cause a denial-of-service (DoS) condition in WLAN hosts by sending malformed Channel Switch Announcement (CSA...
Jun 6, 2023: CVE-2022-40521 is an improper authorization vulnerability in Qualcomm modem firmware that allows attackers to cause a transient denial of service (DoS...
Jun 6, 2023: This vulnerability allows attackers to cause a denial-of-service (DoS) condition in Qualcomm modems by sending specially crafted OTA (Over-The-Air) me...
May 18, 2023: This vulnerability allows unauthorized users to access and manipulate sensitive information in Acronis products due to improper authorization checks. ...
Jul 12, 2022: This CVE describes an implicit intent hijacking vulnerability in Samsung Cloud that allows attackers to intercept sensitive information. The vulnerabi...
Jun 7, 2022: This vulnerability in Samsung SmartThings allows attackers to remotely access sensitive information through a missing caller check in the JavaScript i...
Jan 10, 2022: This vulnerability in Samsung Galaxy Store allows remote attackers to install unauthorized apps by bypassing authorization checks. It affects Samsung ...
Jun 11, 2021: CVE-2021-25417 is an improper authorization vulnerability in Samsung's SDP SDK that allows unauthorized access to internal storage. This affects Samsu...
Apr 27, 2021: This vulnerability allows unauthenticated access to S3 buckets and keys in Apache Ozone clusters through simple HTTP requests or curl commands. It aff...
Apr 9, 2021: CVE-2021-21432 is an authentication bypass vulnerability in the Vela CI/CD framework that allows malicious users to access secrets stored in the ~/.netrc ...
Mar 3, 2021: This vulnerability in GRUB2 allows privileged attackers to bypass Secure Boot protections by using the cutmem command to remove memory address ranges....
Nov 14, 2024: This vulnerability in Harbor allows authenticated users to modify p2p preheat policies in projects they should not have access to. Attackers can exploi...
Apr 26, 2024: This CVE describes an incorrect authorization vulnerability in QNAP operating systems that allows authenticated users to bypass intended access restri...
Sep 27, 2023: This vulnerability in APICast's 3Scale OIDC module allows attackers to access unauthorized information from separate realms when token mismatches aren...
Oct 4, 2021: This vulnerability in Wire-server allows attackers to change user email addresses using only short-lived session tokens, leading to potential account ...
May 2, 2025: This critical vulnerability in Casdoor allows attackers to bypass authorization checks when creating users via the SCIM endpoint. Attackers can remote...
Mar 18, 2025: This vulnerability allows unauthorized attackers to bypass pairing on Forvia Hella HELLA Driving Recorder DR 820 devices, enabling access to sensitive...
Aug 7, 2024: This critical vulnerability in Alien Technology ALR-F800 RFID readers allows remote attackers to execute arbitrary commands via the /var/www/cmd.php e...
Jun 9, 2022: This critical vulnerability in Prison Management System 1.0 allows attackers to bypass authorization controls during new user creation. Attackers can ...
Oct 8, 2025: This vulnerability allows remote authenticated administrators of any organization within Casdoor to bypass permission verification by manipulating URL...
Mar 13, 2025: CVE-2025-24053 is an improper authentication vulnerability in Microsoft Dataverse that allows authenticated attackers to elevate privileges over a net...
Jan 14, 2025: This vulnerability allows remote attackers to execute arbitrary code on Microsoft SharePoint Server systems. Attackers could gain control of affected ...
Nov 21, 2024: This vulnerability in authentik allows attackers to obtain OAuth tokens with unauthorized scopes when using client_credentials or device_code grants. ...
Jul 9, 2024: This vulnerability allows attackers to bypass account approval requirements in SAP Commerce Composable Storefront B2B sites with early login enabled. ...
Feb 11, 2026: CVE-2026-25999 is an improper access control vulnerability in Klaw (Apache Kafka management portal) that allows unauthorized users to reset or delete ...
Jan 28, 2026: A critical authentication bypass vulnerability in Podman Desktop allows any installed extension to completely circumvent permission checks and gain un...
Jan 5, 2026: This vulnerability allows attackers to delete other users' workspaces in OpenCTI by exploiting an authorization flaw in the GraphQL mutation 'Workspac...
Nov 19, 2025: An authorization flaw in Rallly's comment deletion API allows any authenticated user to delete comments belonging to other users, including poll owner...
May 12, 2025: This CVE describes a logic flaw in macOS that could allow malicious applications to access sensitive user data without proper authorization. The vulne...
Jul 29, 2024: This macOS vulnerability allows malicious applications to bypass Privacy preferences by exploiting a downgrade issue in code-signing restrictions. It ...
Mar 21, 2024: This vulnerability in Minder allows authenticated users to access, delete, or retrieve artifacts from any repository in the database regardless of own...
Dec 13, 2023: An improper authorization vulnerability in Fortinet FortiADC allows low-privileged users to read or back up the full system configuration via HTTP/HTTP...
Nov 7, 2023: A cryptographic vulnerability in Qualcomm's HLOS (High-Level Operating System) during key management allows potential unauthorized access to sensitive...
Jul 25, 2023: This vulnerability allows authenticated but unprivileged operators in Gallagher Command Centre Server to improperly modify and view Competencies data ...
Jul 4, 2023: This vulnerability in NVIDIA vGPU software allows guest operating systems to access and manipulate resources they are not authorized for. Th...
Apr 17, 2023: This CVE allows local authenticated attackers on Juniper Junos OS Evolved systems to execute administrative commands through the 'sysmanctl' shell com...
Oct 6, 2021: This vulnerability allows attackers to redirect intents in Samsung's Galaxy Store app, potentially accessing its content provider. This affects Samsun...
Jun 11, 2021: An improper configuration vulnerability in Samsung Smart Manager allows attackers to access files with system privileges. This affects Samsung mobile ...
Aug 6, 2019: This MongoDB vulnerability allows authenticated users to maintain authorization sessions after their accounts are deleted, potentially gaining access ...
Feb 7, 2023: CVE-2023-23696 is an improper authorization vulnerability in Dell Command Intel vPro Out of Band software that allows locally authenticated malicious ...
Dec 9, 2025: This vulnerability in SINEC Security Monitor allows authenticated local attackers with low privileges to bypass authorization checks in the file_trans...
Sep 12, 2024: An improper authorization flaw in Ansible Automation Controller allows attackers using the Kubernetes API server to send HTTP requests with service ac...
Jan 20, 2026: This authorization bypass vulnerability in Revive Adserver allows users with tracker deletion permissions to delete trackers belonging to other accoun...
Dec 15, 2025: An authorization flaw in Wekan's card update handling allows authenticated board members to manipulate vote arrays by adding/removing arbitrary user I...
Nov 21, 2025: This vulnerability in Langfuse's SSO provider configurations allows account takeover when authenticated users are tricked into visiting a specially cr...
Nov 19, 2025: An insecure direct object reference (IDOR) vulnerability in Rallly allows authenticated users to modify other participants' votes in polls without aut...
Nov 19, 2025: This vulnerability allows authenticated users of Rallly to impersonate any other user by manipulating the authorName field in comment creation API req...
About CWE-285
Our database tracks 303 CVEs classified as CWE-285, with 45 rated critical and 148 rated high severity. The average CVSS score for CWE-285 vulnerabilities is 7.2.
External reference: CWE-285 on MITRE CWE