CWE-863: Incorrect Authorization

This vulnerability allows attackers to bypass authentication on the Ivanti MobileIron Sentry administrative interface due to an overly permissive Apac...

This vulnerability allows an unauthenticated attacker with internal network access to execute arbitrary scripts on Mitel MiVoice Connect systems due t...

CVE-2023-36089 is an authentication bypass vulnerability in D-Link DIR-645 routers that allows remote attackers to gain escalated privileges without v...

This CVE describes an authentication bypass vulnerability in D-Link DIR-895 routers running firmware version FW102b07. Remote attackers can exploit a ...

CVE-2023-31704 is an incorrect access control vulnerability in Sourcecodester Online Computer and Laptop Store 1.0 that allows remote attackers to esc...

This vulnerability in Zimbra Collaboration Suite allows remote attackers to bypass authentication mechanisms and escalate privileges by exploiting fla...

This vulnerability in Nexxt Nebula 1200-AC routers allows attackers to bypass authentication and execute arbitrary commands by exploiting the HTTPD se...

This vulnerability in Huawei GPU modules allows attackers to bypass read/write permission checks, potentially leading to unauthorized access to sensit...

Arcserve UDP backup software through version 9.0.6034 has an authentication bypass vulnerability where the getVersionInfo endpoint leaks an AuthUUID t...

CVE-2023-28698 is an authorization bypass vulnerability in Wade Graphic Design FANTSY software that allows unauthenticated attackers to gain administr...

This CVE describes an incorrect authorization vulnerability in Apache IoTDB's web-workbench component (version 0.13.3). Attackers can bypass authoriza...

An authentication bypass vulnerability in CL4NX printer web interfaces allows remote attackers to execute privileged commands without valid credential...

This critical authentication bypass vulnerability in Gladinet CentreStack allows remote attackers to reset passwords for any valid user account withou...

This vulnerability allows unauthenticated attackers to generate valid authentication tokens in Delta Electronics InfraSuite Device Master, leading to ...

CVE-2023-23064 is an incorrect access control vulnerability in TOTOLINK A720R routers that allows unauthenticated attackers to bypass authentication a...

CVE-2021-32163 is an authentication vulnerability in MOSN v0.23.0 that allows attackers to bypass JWT authorization checks through case-sensitive stri...

This vulnerability allows attackers to bypass authentication in Masa CMS by exploiting a flaw in the Remember Me function. Attackers can gain unauthor...

This vulnerability allows attackers to predict previously generated session IDs in Inductive Automation Ignition, enabling session hijacking. Attacker...

Zimbra Collaboration Open Source 8.8.15 logs randomly generated initial login passwords in cleartext via syslog on UDP port 514. This allows attackers...

CVE-2022-33174 is an authentication bypass vulnerability in Powertek-based Power Distribution Units (PDUs) that allows attackers to access administrat...

Luocms v2.0 has an incorrect access control vulnerability that allows attackers to write arbitrary shell files via /admin/templates/template_manage.ph...

Mastodon instances running vulnerable versions have incorrect access control due to improper handling of signed JSON-LD activities. This allows attack...

This vulnerability in IBM Cognos Controller allows attackers to modify application behavior by exploiting public fields in public classes, potentially...

This vulnerability allows attackers to bypass IPv4 firewall rules and access all services on Trendnet AC2600 routers via IPv6 WAN interface. It affect...

This vulnerability in Jenkins allows agents to create temporary files on the controller before access controls are checked, enabling unauthorized file...

CVE-2020-21124 is a critical access control vulnerability in UReport 2.2.9 that allows attackers to reach the designer page without authentication, le...

CVE-2020-18701 is an authentication token invalidation vulnerability in Lin-CMS-Flask v0.1.1 that allows attackers to replay authentication tokens aft...

This vulnerability allows remote attackers to execute arbitrary code on vaeThink v1.0.1 systems by injecting malicious payloads into the condition par...

This is a critical permission control vulnerability in Huawei smartphones that allows attackers to bypass security restrictions and execute arbitrary ...

This vulnerability in Joomla! Core allows attackers to bypass security restrictions and retrieve password reset tokens from the database via an existi...

CVE-2020-20466 allows remote attackers to modify any user's password in White Shark System 1.3.2 via the user_edit_password.php endpoint without authe...

CVE-2021-28793 is an incorrect access control vulnerability in the vscode-restructuredtext extension for Visual Studio Code. It allows arbitrary binar...

This vulnerability allows unauthorized attackers to create valid administrative credentials in Monitorr v1.7.6m, bypassing authentication entirely. Th...

CVE-2020-24264 is an access control vulnerability in Portainer that allows authenticated users to bypass bind mount restrictions and execute arbitrary...

This vulnerability allows attackers to bypass LDAP authentication in SAP HANA Database when the LDAP directory server is configured to permit unauthen...

This vulnerability allows attackers to bypass authentication on FiberHome HG6245D devices by sending a specific decoded string to the telnet server. I...

This vulnerability in Drupal's REST/JSON module allows attackers to bypass node access controls and view restricted content. It affects Drupal 7.x sit...

This vulnerability in Drupal's REST/JSON module allows attackers to bypass field access controls, potentially accessing or modifying restricted conten...

CVE-2020-27156 is a critical authorization bypass vulnerability in Veritas APTARE that allows unauthenticated remote attackers to execute arbitrary co...

This vulnerability in Apache Solr allows attackers to bypass security controls and upload malicious ConfigSets via API without authentication. By comb...

This vulnerability in SAP Business One version 10.0 allows unauthenticated attackers to read, write, and execute files on SMB shared folders used duri...

This vulnerability in Google Chrome's developer tools allows attackers to escape the browser's security sandbox via a malicious HTML page. It affects ...

This vulnerability in Google Chrome DevTools allows a malicious extension to escape the browser's security sandbox when a user visits a crafted HTML p...

An improper authorization vulnerability in the mintplex-labs/anything-llm application allows unauthenticated users to perform destructive actions on t...

This vulnerability in Debian's zuluCrypt package allows local users to escalate privileges to root due to insecure PolicyKit settings. The flaw exists...

This vulnerability in Cloud Smart Lock v2.0.1 allows attackers to discover and exploit a leaked API URL to bind unauthorized physical devices to user ...

CVE-2021-21276 is a critical authentication bypass vulnerability in Polr URL shortener that allows unauthenticated attackers to gain administrative ac...

PlaciPy placement management system version 1.0.0 allows cross-tenant data access by deriving tenant identifiers from user-provided email domains with...

This vulnerability in vCluster Platform allows users with scoped access keys to bypass scope restrictions and access resources outside their intended ...

This vulnerability in Free5gc NRF 1.4.0 allows attackers to bypass scope validation during access token generation by using a crafted targetNF value. ...