Loading...
Loading...
4,217 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
An improper privilege management vulnerability [CWE-269] in FortiManager 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions and FortiAnalyzer 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 t…
The FileOrganizer WordPress plugin through 1.0.2 does not restrict functionality on multisite instances, allowing site admins to gain full control over the server.
Incorrect Access Control in ITB-GmbH TradePro v9.5, allows remote attackers to receive all orders from the online shop via oordershow component in customer function.
Incorrect Access Control in ITB-GmbH TradePro v9.5, allows remote attackers to receive all order confirmations from the online shop via the printmail plugin.
Active Directory Domain Services Information Disclosure Vulnerability
Windows Kernel Elevation of Privilege Vulnerability
Windows RDP Encoder Mirror Driver Elevation of Privilege Vulnerability
Micronaut Security is a security solution for applications. Prior to versions 3.1.2, 3.2.4, 3.3.2, 3.4.3, 3.5.3, 3.6.6, 3.7.4, 3.8.4, 3.9.6, 3.10.2, and 3.11.1, IdTokenClaimsValidator skips `aud` claim validation if token is issued by same…
Windows Group Policy Security Feature Bypass Vulnerability
Microsoft SharePoint Server Information Disclosure Vulnerability
A vulnerability has been identified in SIMATIC CP 1604 (All versions), SIMATIC CP 1616 (All versions), SIMATIC CP 1623 (All versions), SIMATIC CP 1626 (All versions), SIMATIC CP 1628 (All versions). The kernel memory of affected devices is…
Loftware Spectrum through 4.6 has unprotected JMX Registry.
Umbraco is a ASP.NET CMS. Under rare conditions a restart of Umbraco can allow unauthorized users access to admin-level permissions. This vulnerability was patched in versions 10.6.1, 11.4.2 and 12.0.1.
pnpm is a package manager. It is possible to construct a tarball that, when installed via npm or parsed by the registry is safe, but when installed via pnpm is malicious, due to how pnpm parses tar archives. This can result in a package th…
SAP PowerDesigner - version 16.7, has improper access control which might allow an unauthenticated attacker to run arbitrary queries against the back-end database via Proxy.
Incorrect access control in the REST API endpoint of HubSpot v1.29441 allows unauthenticated attackers to view users' data without proper authorization.
Incorrect access control in the User Registration page of Crypto Currency Tracker (CCT) before v9.5 allows unauthenticated attackers to register as an Admin account via a crafted POST request.
A vulnerability classified as problematic has been found in Aures Komet up to 20230509. This affects an unknown part of the component Kiosk Mode. The manipulation leads to improper access controls. It is possible to launch the attack on th…
LAN-W451NGR all versions provided by LOGITEC CORPORATION contains an improper access control vulnerability, which allows an unauthenticated attacker to log in to telnet service.
The Advanced File Manager WordPress plugin before 5.1.1 does not adequately authorize its usage on multisite installations, allowing site admin users to list and read arbitrary files and folders on the server.
Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability
Adobe ColdFusion versions 2018u18 (and earlier), 2021u8 (and earlier) and 2023u2 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnera…
Adobe ColdFusion versions 2018u18 (and earlier), 2021u8 (and earlier) and 2023u2 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnera…
IBM SOAR QRadar Plugin App 1.0 through 5.0.3 could allow an authenticated user to perform unauthorized actions due to improper access controls. IBM X-Force ID: 260577.
Various software builds for the following TCL 30Z and TCL A3X devices leak the ICCID to a system property that can be accessed by any local app on the device without any permissions or special privileges. Google restricted third-party apps…
An issue was discovered in a third-party com.factory.mmigroup component, shipped on devices from multiple device manufacturers. Certain software builds for various Android devices contain a vulnerable pre-installed app with a package name …
Various software builds for the following TCL devices (30Z, A3X, 20XE, 10L) leak the device IMEI to a system property that can be accessed by any local app on the device without any permissions or special privileges. Google restricted thir…
Improper access control in the Intel Smart Campus android application before version 9.4 may allow an authenticated user to potentially enable escalation of privilege via local access.
Improper access control in some Intel(R) XTU software before version 7.12.0.29 may allow an authenticated user to potentially enable escalation of privilege via local access.
An issue in rmc R Beauty CLINIC Line v.13.6.1 allows a remote attacker to obtain sensitive information via crafted GET request.
Multilaser RE160 v5.07.51_pt_MTL01 and v5.07.52_pt_MTL01, Multilaser RE160V v12.03.01.08_pt and V12.03.01.09_pt, and Multilaser RE163V v12.03.01.08_pt allows attackers to bypass the access control and gain complete access to the applicatio…
An issue in Multilaser RE160 firmware v5.07.51_pt_MTL01 and v5.07.52_pt_MTL01 allows attackers to bypass the access control and gain complete access to the application via supplying a crafted cookie.
An issue has been discovered in GitLab EE affecting all versions starting before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. It was possible to overflow the time spent on an issue t…
Improper access control for some Intel Unison software may allow an authenticated user to potentially enable escalation of privilege via network access.
Improper access control for some Intel Unison software may allow an unauthenticated user to potentially enable denial of service via network access.
DELL ESI (Enterprise Storage Integrator) for SAP LAMA, version 10.0, contains an information disclosure vulnerability in EHAC component. An remote unauthenticated attacker could potentially exploit this vulnerability by eavesdropping the n…
Dell OS Recovery Tool, versions 2.2.4013, 2.3.7012.0, and 2.3.7515.0 contain an Improper Access Control Vulnerability. A local authenticated non-administrator user could potentially exploit this vulnerability, leading to the elevation of …
Dell Rugged Control Center, version prior to 4.7, contains an improper access control vulnerability. A local malicious standard user could potentially exploit this vulnerability to modify the content in an unsecured folder during product …
Dell Rugged Control Center, version prior to 4.7, contains an Improper Access Control vulnerability. A local malicious standard user could potentially exploit this vulnerability to modify the content in an unsecured folder when product in…
Dell OS Recovery Tool, versions 2.2.4013, 2.3.7012.0, and 2.3.7515.0 contain an Improper Access Control Vulnerability. A local authenticated non-administrator user could potentially exploit this vulnerability, leading to the elevation of …
Sentry is an error tracking and performance monitoring platform. Starting in version 22.1.0 and prior to version 23.7.2, an attacker with access to a token with few or no scopes can query `/api/0/api-tokens/` for a list of all tokens creat…
SiberianCMS - CWE-284 Improper Access Control Authorized user may disable a security feature over the network
Improper access control in some Intel(R) DSA software before version 23.4.33 may allow an authenticated user to potentially enable escalation of privilege via local access.
Improper access control element in some Intel(R) Ethernet tools and driver install software, before versions 28.2, may allow an authenticated user to potentially enable escalation of privilege via local access.
Improper access control for some Intel(R) CST software before version 2.1.10300 may allow an authenticated user to potentially enable escalation of privilege via local access.
An issue has been discovered in GitLab affecting all versions starting from 13.2 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for users to access composer pack…
The leakage of the client secret in Kaibutsunosato v13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages.
lrzip-next LZMA v23.01 was discovered to contain an access violation via the component /bz3_decode_block src/libbz3.c.
Improper access control in some Intel(R) SUR software before version 2.4.10587 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 22.0.0 and prior to versions 22.2.10.13, 23.0.12.8, 24.0.12.4, 25.0.8, 26.0.3, and 27.0.1, a user can access files inside a subfolder …
EchelonGraph correlates every CVE — across CWE-284 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →