Loading...
Loading...
4,216 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
Improper access control for some Intel Unison software may allow an unauthenticated user to potentially enable denial of service via network access.
Improper access control in the Intel(R) Thunderbolt(TM) DCH drivers for Windows may allow an authenticated user to potentially enable escalation of privilege via local access.
Improper access control in some Intel(R) Optane(TM) PMem 100 Series Management Software before version 01.00.00.3547 may allow an authenticated user to potentially enable escalation of privilege via local access.
Improper access control for some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access.
Improper access control vulnerability in SS1 Ver.13.0.0.40 and earlier and Rakuraku PC Cloud Agent Ver.2.1.8 and earlier allows a remote attacker to bypass access restriction and download an arbitrary file of the directory where the produc…
Improper access control vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and earlier allows a remote unauthenticated attacker to bypass access restriction and obtain the server certificate including the private key of the product.
Improper access control for some Intel Unison software may allow a privileged user to potentially enable escalation of privilege via network access.
Talk-Android enables users to have video & audio calls through Nextcloud on Android. Due to passcode bypass, an attacker is able to access the user's Nextcloud files and view conversations. To exploit this the attacker needs to have physic…
Flarum is a forum software for building communities. Using the mentions feature provided by the flarum/mentions extension, users can mention any post ID on the forum with the special `@"<username>"#p<id>` syntax. The following behavior nev…
InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-284: Improper Access Control. They allow unauthenticated devices to subscribe to MQTT …
If Security Hardening guide rules are not followed, then Nokia WaveLite products allow a local user to create new users with administrative privileges by manipulating a web request. This affects (for example) WaveLite Metro 200 and Fan, Wa…
LS ELECTRIC XBC-DN32U with operating system version 01.80 has improper access control to its read prohibition feature. This could allow a remote attacker to remotely set the feature to lock users out of reading data from the device.
LS ELECTRIC XBC-DN32U with operating system version 01.80 does not properly control access to the PLC over its internal XGT protocol. An attacker could control and tamper with the PLC by sending the packets to the PLC over its XGT protoco…
Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable denial of service via local access.
api/views/user.py in LibrePhotos before e19e539 has incorrect access control.
A security misconfiguration vulnerability exists in the Zyxel LTE3316-M604 firmware version V2.00(ABMP.6)C0 due to a factory default misconfiguration intended for testing purposes. A remote attacker could leverage this vulnerability to acc…
Lexmark products through 2023-01-10 have Improper Control of Interaction Frequency.
Improper Access Control in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to gain unauthorized access to data fields by using a therefore unpr…
Improper Access Control in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to download files by using a therefore unpriviledged account via the…
The issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.7.3, macOS Ventura 13.2, macOS Monterey 12.6.3. An app may be able to bypass Privacy preferences.
Improper access control in the Intel(R) Unite(R) android application before Release 17 may allow a privileged user to potentially enable information disclosure via local access.
Improper access control vulnerability in CONPROSYS IoT Gateway products allows a remote authenticated attacker to bypass access restriction and access Network Maintenance page, which may result in obtaining the network information of the p…
Discourse is an open source discussion platform. The embeddable comments can be exploited to create new topics as any user but without any clear title or content. This issue is patched in the latest stable, beta and tests-passed versions o…
An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints.
A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.34), Mendix Applications using Mendix 8 (All versions < V8.18.23), Mendix Applications using Mendix 9 (All versions < V9.22.0), Mendix Applicat…
Improper access control in some 3rd Generation Intel(R) Xeon(R) Scalable processors may allow a privileged user to potentially enable information disclosure via local access.
An improper access control vulnerability exists prior to v6 that could allow an attacker to break the E2E encryption of a chat room by a user changing the group key of a chat room.
The vulnerability was found Moodle which exists due to insufficient limitations on the "start page" preference. A remote attacker can set that preference for another user. The vulnerability allows a remote attacker to gain unauthorized acc…
Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB devices with firmware through RTS/RTD 3.7.11.3 have hardcoded credentials that are easily discovered and can be used by remote attackers to authenticate via ssh. (The credentials are…
In MISP 2.4.167, app/Controller/Component/ACLComponent.php has incorrect access control for the decaying import function.
Booked Scheduler 2.5.5 allows authenticated users to create and schedule events for any other user via a modified userId value to reservation_save.php. NOTE: 2.5.5 is a version from 2014; the latest version of Booked Scheduler is not affec…
Incorrect access control in the /uci/get/ endpoint of NOVUS AirGate 4G firmware v1.1.16 allows unauthenticated attackers to obtain administrator credentials via a crafted POST request.
Improper Access Control in GitHub repository thorsten/phpmyfaq prior to 3.1.13.
An access control issue in Axcora POS #0~gitf77ec09 allows unauthenticated attackers to execute arbitrary commands via unspecified vectors.
Jenkins Kubernetes Credentials Provider Plugin 1.208.v128ee9800c04 and earlier does not set the appropriate context for Kubernetes credentials lookup, allowing attackers with Item/Configure permission to access and potentially capture Kube…
Broken access control in Advanced Authentication versions prior to 6.4.1.1 and 6.3.7.2
An authentication bypass vulnerability exists in the httpd nvram.cgi functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger…
Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable escalation of privilege via local access.
A malicious user can cause log files to be written to a directory that they do not have permission to write to.
Vulnerabilities have been identified that, collectively, allow a standard Windows user to perform operations as SYSTEM on the computer running Citrix Workspace app.
A vulnerability has been identified in Citrix Workspace app for Linux that, if exploited, may result in a malicious local user being able to gain access to the Citrix Virtual Apps and Desktops session of another user who is using the same …
A vulnerability has been discovered in the customer-managed ShareFile storage zones controller which, if exploited, could allow an unauthenticated attacker to remotely compromise the customer-managed ShareFile storage zones controller.
Users with only access to launch VDA applications can launch an unauthorized desktop
On affected platforms running Arista EOS, an authorized attacker with permissions to perform gNMI requests could craft a request allowing it to update arbitrary configurations in the switch. This situation occurs only when the Streaming Te…
Improper access control vulnerability in Buffalo network devices allows a network-adjacent attacker to obtain specific files of the product. As a result, the product settings may be altered. The affected products and versions are as follow…
On affected versions of the CloudVision Portal improper access controls on the connection from devices to CloudVision could enable a malicious actor with network access to CloudVision to get broader access to telemetry and configuration da…
An issue in Mojoportal v2.7.0.0 allows an unauthenticated attacker to register a new user even if the Allow User Registrations feature is disabled.
Memory Corruption in Core while invoking a call to Access Control core library with hardware protected address range.
Remote Desktop Client Remote Code Execution Vulnerability
Improper access control in some Intel(R) DSA software before version 23.4.33 may allow an authenticated user to potentially enable denial of service via local access.
EchelonGraph correlates every CVE — across CWE-284 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →