CWE-285: Improper Authorization
Yearly Trend
Top Affected Vendors
All CWE-285 CVEs (303)
An Insecure Direct Object Reference (IDOR) vulnerability in Rallly's poll duplication endpoint allows authenticated users to duplicate polls they don'... (Nov 19, 2025)
The GenerateBlocks WordPress plugin has an authorization bypass vulnerability that allows authenticated users with contributor-level access or higher ... (Oct 25, 2025)
The GiveWP WordPress plugin has an information disclosure vulnerability that allows unauthenticated attackers to access private donation forms and arc... (Oct 4, 2025)
Kazaar 1.25.12 has an authorization bypass vulnerability where attackers can access order documents by modifying the order-id parameter in API calls. ... (Oct 1, 2025)
Apache Superset has an improper access control vulnerability where authenticated users can enumerate protected datasources they shouldn't access. By m... (Aug 14, 2025)
CVE-2025-54585 allows attackers with regular push access to bypass GitProxy's commit approval enforcement when creating new branches. This vulnerabili... (Jul 30, 2025)
This vulnerability allows attackers to bypass Firefox for Android's external link prompt, potentially exposing users to security vulnerabilities or pr... (Jun 24, 2025)
CVE-2024-44314 is an incorrect access control vulnerability in TastyIgniter 3.7.6 that allows unauthorized users to remotely update order statuses. Th... (Mar 18, 2025)
This vulnerability in Windows Remote Desktop Licensing Service allows attackers to cause a denial of service by sending specially crafted packets. It ... (Sep 10, 2024)
This vulnerability in GitLab allows any user to access private job artifacts, bypassing intended access controls. It affects GitLab Community Edition ... (Jun 27, 2024)
This vulnerability in HashiCorp Vault's PKI mount allows unauthorized users to delete or modify PKI issuer metadata, potentially causing denial of ser... (Mar 30, 2023)
This vulnerability in Harbor allows authenticated users to revoke robot account permissions belonging to projects they don't have access to. Attackers... (Nov 14, 2024)
This CSRF vulnerability in fastapi-sso allows attackers to link their OAuth accounts to victims' internal accounts by exploiting improper state parame... (Dec 19, 2025)
A permission verification vulnerability in Huawei's media library module allows unauthorized access to protected media content. This affects Huawei de... (Feb 6, 2025)
This CVE describes a permission control vulnerability in Huawei's clipboard module that could allow unauthorized access to clipboard data. Successful ... (Nov 5, 2024)
This vulnerability in Oracle JD Edwards EnterpriseOne Tools allows unauthenticated attackers with network access via HTTP to compromise the system. It... (Oct 21, 2025)
This vulnerability in Oracle WebLogic Server allows unauthenticated attackers with network access via HTTP to compromise the server. It requires human... (Jul 15, 2025)
Kyverno versions before 1.14.0-alpha.1 ignore subjectRegExp and issuerRegExp validations when verifying artifacts in keyless mode, allowing attackers ... (Mar 24, 2025)
This vulnerability allows authenticated low-privileged attackers to access sensitive configuration information through a specific REST API endpoint in... (Oct 2, 2024)
This CVE describes an authorization bypass vulnerability in Shiprocket Module 3 for OpenCart. Attackers can manipulate the contentHash parameter in th... (Jan 20, 2025)
This CVE describes an authorization vulnerability in macOS where an app could bypass intended restrictions and access sensitive user data. The issue a... (Feb 11, 2026)
This CVE describes an authorization vulnerability in macOS that allows applications to bypass intended access controls and potentially access sensitiv... (Feb 11, 2026)
A logic flaw in macOS file handling allows applications to bypass intended access restrictions and read protected user data. This affects macOS system... (Dec 12, 2025)
This CVE describes a logic flaw in macOS that allows applications to access sensitive user data they shouldn't have permission to access. The vulnerab... (Sep 15, 2025)
This CVE describes a logic flaw in macOS Shortcuts that allows malicious shortcuts to access sensitive user data without proper user consent prompts. ... (Jul 29, 2024)
This macOS vulnerability allows malicious applications to bypass Privacy preferences and access restricted data containers. It affects macOS Monterey,... (Jul 29, 2024)
The weDocs WordPress plugin has an authorization bypass vulnerability that allows authenticated users with Subscriber-level access or higher to modify... (Dec 6, 2025)
This vulnerability allows attackers to spoof the Chrome Omnibox (address bar) security UI on Android devices, potentially tricking users into believin... (Nov 10, 2025)
A vulnerability in Moodle's timed assignment feature allows students to bypass time restrictions, potentially gaining extra time to complete assessmen... (Oct 23, 2025)
Jira Align has an authorization vulnerability where low-privilege users can access endpoints they shouldn't, potentially exposing sensitive informatio... (Oct 22, 2025)
Jira Align has an authorization vulnerability where low-privilege users can access endpoints they shouldn't, potentially viewing or modifying limited ... (Oct 22, 2025)
This CVE allows attackers to make unauthorized requests to locally deployed Gradio servers from sandboxed iframes or other sources with a null origin.... (Oct 10, 2024)
This CVE describes an authorization bypass vulnerability in the sz-boot-parent framework's API endpoint. Attackers can manipulate the messageId parame... (Feb 25, 2026)
This vulnerability allows users with view-only access to download files they shouldn't be able to access by using the Ctrl+Shift+S keyboard shortcut. ... (Feb 6, 2026)
The weMail WordPress plugin has an authorization bypass vulnerability that allows unauthenticated attackers to impersonate administrators by manipulat... (Jan 20, 2026)
The SiteSEO WordPress plugin has an improper capability check vulnerability that allows authenticated users with any SiteSEO setting permission to res... (Nov 19, 2025)
The YITH WooCommerce Wishlist plugin for WordPress has an authorization bypass vulnerability that allows unauthenticated attackers to access wishlist ... (Nov 19, 2025)
The Document Library Lite WordPress plugin has an improper authorization vulnerability that allows unauthenticated attackers to retrieve unpublished d... (Nov 1, 2025)
The Kognetiks Chatbot plugin for WordPress has a missing capability check vulnerability that allows unauthenticated attackers to upload limited safe f... (Oct 18, 2025)
This vulnerability allows remote attackers to bypass authorization in Sistemas Pleno Gestão de Locação by manipulating the 'pes_cpf' argument in th... (Sep 25, 2025)
This CVE describes a CSRF token reuse vulnerability in Webkul QloApps up to version 1.7.0 that allows attackers to bypass authorization by manipulatin... (Sep 21, 2025)
This vulnerability in LitmusChaos Litmus allows local attackers to bypass authorization by manipulating the projectID argument in the LocalStorage Han... (Aug 10, 2025)
This vulnerability allows remote attackers to bypass authorization checks in the macrozheng mall e-commerce platform by manipulating the orderId param... (Aug 9, 2025)
This vulnerability in giscus allows unauthorized users to create GitHub Discussions on any repository where giscus is installed. It affects the server... (Jul 7, 2025)
The WP Booking Calendar plugin for WordPress has a vulnerability that allows unauthenticated attackers to modify confirmed bookings after they've been... (Feb 12, 2025)
The Download Manager WordPress plugin has an authentication bypass vulnerability that allows unauthenticated attackers to download password-protected ... (Dec 19, 2024)
This vulnerability in GLPI allows unauthorized users to download documents via the API without proper authentication. It affects GLPI installations ru... (Nov 15, 2024)
This critical vulnerability in Tongda OA allows attackers to bypass authorization controls in the annual leave management component, potentially acces... (Oct 31, 2024)
The WooCommerce Smart Coupons plugin for WordPress has an authorization bypass vulnerability that allows unauthenticated attackers to create gift cert... (Oct 16, 2024)
CVE-2024-7799 is an improper authorization vulnerability in SourceCodester Simple Online Bidding System 1.0 that allows unauthorized access to admin f... (Aug 15, 2024)
About CWE-285
Our database tracks 303 CVEs classified as CWE-285, with 45 rated critical and 148 rated high severity. The average CVSS score for CWE-285 vulnerabilities is 7.2.
External reference: View CWE-285 on MITRE CWE →