CWE-284 — Improper Access Control
4,239 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-284 (page 56 of 85)
- CVE-2025-1568 | HIGH | CVSS 8.8 | EG 9.8 | 2025-04-16
Access Control Vulnerability in Gerrit chromiumos project configuration in Google ChromeOS 16063.87.0 allows an attacker with a registered Gerrit account to inject malicious code into ChromeOS projects and potentially achieve Remote Code E…
- CVE-2025-1590 | MEDIUM | CVSS 4.7 | EG 4.7 | 2025-02-23
A vulnerability was found in SourceCodester E-Learning System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/modules/lesson/index.php of the component List of Lessons Page. The manipulation lead…
- CVE-2025-1593 | MEDIUM | CVSS 4.7 | EG 4.7 | 2025-02-23
A vulnerability classified as critical has been found in SourceCodester Best Employee Management System 1.0. This affects an unknown part of the file /_hr_soft/assets/uploadImage/Profile/ of the component Profile Picture Handler. The manip…
- CVE-2025-1595 | MEDIUM | CVSS 5.3 | EG 5.3 | 2025-02-23
A vulnerability has been found in Anhui Xufan Information Technology EasyCVR up to 2.7.0 and classified as problematic. This vulnerability affects unknown code of the file /api/v1/getbaseconfig. The manipulation leads to information disclo…
- CVE-2025-1598 | MEDIUM | CVSS 6.3 | EG 6.3 | 2025-02-24
A vulnerability was found in SourceCodester Best Church Management Software 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/app/asset_crud.php. The manipulation of the ar…
- CVE-2025-1606 | MEDIUM | CVSS 4.3 | EG 4.3 | 2025-02-24
A vulnerability classified as problematic was found in SourceCodester Best Employee Management System 1.0. This vulnerability affects unknown code of the file /admin/backup/backups.php. The manipulation leads to information disclosure. The…
- CVE-2025-1646 | HIGH | CVSS 7.3 | EG 7.3 | 2025-02-25
A vulnerability, which was classified as critical, has been found in Lumsoft ERP 8. Affected by this issue is some unknown functionality of the file /Api/TinyMce/UploadAjaxAPI.ashx of the component ASPX File Handler. The manipulation of th…
- CVE-2025-1791 | MEDIUM | CVSS 6.3 | EG 6.3 | 2025-03-01
A vulnerability has been found in Zorlan SkyCaiji 2.9 and classified as critical. This vulnerability affects the function fileAction of the file vendor/skycaiji/app/admin/controller/Tool.php. The manipulation of the argument save_data lead…
- CVE-2025-1818 | MEDIUM | CVSS 6.3 | EG 6.3 | 2025-03-02
A vulnerability, which was classified as critical, has been found in zj1983 zz up to 2024-8. This issue affects some unknown processing of the file src/main/java/com/futvan/z/system/zfile/ZfileAction.upload. The manipulation of the argumen…
- CVE-2025-1834 | MEDIUM | CVSS 6.3 | EG 6.3 | 2025-03-02
A vulnerability, which was classified as critical, was found in zj1983 zz up to 2024-8. This affects an unknown part of the file /resolve. The manipulation of the argument file leads to unrestricted upload. It is possible to initiate the a…
- CVE-2025-1835 | MEDIUM | CVSS 6.3 | EG 6.3 | 2025-03-02
A vulnerability has been found in osuuu LightPicture 1.2.2 and classified as critical. This vulnerability affects the function upload of the file /app/controller/Api.php. The manipulation of the argument file leads to unrestricted upload. …
- CVE-2025-1865 | HIGH | CVSS 7.8 | EG 7.8 | 2025-04-04
The kernel driver, accessible to low-privileged users, exposes a function that fails to properly validate the privileges of the calling process. This allows creating files at arbitrary locations with full user control, ultimately allowing …
- CVE-2025-1881 | MEDIUM | CVSS 4.3 | EG 4.3 | 2025-03-03
A vulnerability was found in i-Drive i11 and i12 up to 20250227. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Video Footage/Live Video Stream. The manipulation leads to im…
- CVE-2025-1882 | MEDIUM | CVSS 5.0 | EG 5.0 | 2025-03-03
A vulnerability was found in i-Drive i11 and i12 up to 20250227. It has been rated as critical. Affected by this issue is some unknown functionality of the component Device Setting Handler. The manipulation leads to improper access control…
- CVE-2025-1890 | MEDIUM | CVSS 6.3 | EG 6.3 | 2025-03-04
A vulnerability has been found in shishuocms 1.1 and classified as critical. This vulnerability affects the function handleRequest of the file src/main/java/com/shishuo/cms/action/manage/ManageUpLoadAction.java. The manipulation of the arg…
- CVE-2025-1941 | CRITICAL | CVSS 9.1 | EG 9.1 | 2025-03-04
Under certain circumstances, a user opt-in setting that Focus should require authentication before use could have been bypassed (distinct from CVE-2025-0245). This vulnerability was fixed in Firefox 136.
- CVE-2025-20052 | HIGH | CVSS 7.3 | EG 7.3 | 2025-05-13
Improper access control for some Intel(R) Graphics software may allow an authenticated user to potentially enable denial of service via local access.
- CVE-2025-20076 | MEDIUM | CVSS 5.0 | EG 5.0 | 2025-05-13
Improper access control for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.
- CVE-2025-20099 | MEDIUM | CVSS 6.7 | EG 6.7 | 2025-08-12
Improper access control for some Intel(R) Rapid Storage Technology installation software may allow an authenticated user to potentially enable escalation of privilege via local access.
- CVE-2025-20100 | HIGH | CVSS 7.5 | EG 7.5 | 2025-05-13
Improper access control in the memory controller configurations for some Intel(R) Xeon(R) 6 processor with E-cores may allow a privileged user to potentially enable escalation of privilege via local access.
- CVE-2025-20130 | MEDIUM | CVSS 4.9 | EG 4.9 | 2025-06-04
A vulnerability in the API of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, remote attacker with administrative privileges to upload files to an affected device. Th…
- CVE-2025-20131 | MEDIUM | CVSS 4.9 | EG 4.9 | 2025-08-20
A vulnerability in the GUI of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker with administrative privileges to upload files to an affected device. This vulnerability is due to improper validation of t…
- CVE-2025-20137 | MEDIUM | CVSS 4.7 | EG 4.7 | 2025-05-07
A vulnerability in the access control list (ACL) programming of Cisco IOS Software that is running on Cisco Catalyst 1000 Switches and Cisco Catalyst 2960L Switches could allow an unauthenticated, remote attacker to bypass a configured ACL…
- CVE-2025-20144 | MEDIUM | CVSS 4.0 | EG 4.0 | 2025-03-12
A vulnerability in the hybrid access control list (ACL) processing of IPv4 packets in Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to incorrect handling of p…
- CVE-2025-20153 | MEDIUM | CVSS 5.8 | EG 5.8 | 2025-02-19
A vulnerability in the email filtering mechanism of Cisco Secure Email Gateway could allow an unauthenticated, remote attacker to bypass the configured rules and allow emails that should have been denied to flow through an affected device.…
- CVE-2025-20159 | MEDIUM | CVSS 5.3 | EG 5.3 | 2025-09-10
A vulnerability in the management interface access control list (ACL) processing feature in Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass configured ACLs for the SSH, NetConf, and gRPC features. This vu…
- CVE-2025-20190 | MEDIUM | CVSS 6.5 | EG 6.5 | 2025-05-07
A vulnerability in the lobby ambassador web interface of Cisco IOS XE Wireless Controller Software could allow an authenticated, remote attacker to remove arbitrary users that are defined on an affected device. This vulnerability is due…
- CVE-2025-20219 | MEDIUM | CVSS 5.3 | EG 5.3 | 2025-08-14
A vulnerability in the implementation of access control rules for loopback interfaces in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticate…
- CVE-2025-20223 | MEDIUM | CVSS 4.7 | EG 4.7 | 2025-05-07
A vulnerability in Cisco Catalyst Center, formerly Cisco DNA Center, could allow an authenticated, remote attacker to read and modify data in a repository that belongs to an internal service of an affected device. This vulnerability is …
- CVE-2025-20229 | HIGH | CVSS 8.0 | EG 8.0 | 2025-03-26
In Splunk Enterprise versions below 9.3.3, 9.2.5, and 9.1.8, and Splunk Cloud Platform versions below 9.3.2408.104, 9.2.2406.108, 9.2.2403.114, and 9.1.2312.208, a low-privileged user that does not hold the "admin" or "power" Splunk roles…
- CVE-2025-20230 | MEDIUM | CVSS 4.3 | EG 4.3 | 2025-03-26
In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8, and versions below 3.8.38 and 3.7.23 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the "admin" or "power" Spl…
- CVE-2025-20242 | MEDIUM | CVSS 6.5 | EG 6.5 | 2025-05-21
A vulnerability in the Cloud Connect component of Cisco Unified Contact Center Enterprise (CCE) could allow an unauthenticated, remote attacker to read and modify data on an affected device. This vulnerability is due to a lack of proper…
- CVE-2025-2031 | MEDIUM | CVSS 6.3 | EG 6.3 | 2025-03-06
A vulnerability classified as critical has been found in ChestnutCMS up to 1.5.2. This affects the function uploadFile of the file /dev-api/cms/file/upload. The manipulation of the argument file leads to unrestricted upload. It is possible…
- CVE-2025-20316 | MEDIUM | CVSS 5.3 | EG 5.3 | 2025-09-24
A vulnerability in the access control list (ACL) programming of Cisco IOS XE Software for Cisco Catalyst 9500X and 9600X Series Switches could allow an unauthenticated, remote attacker to bypass a configured ACL on an affected device. T…
- CVE-2025-20323 | MEDIUM | CVSS 4.3 | EG 4.3 | 2025-07-07
In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, a low-privileged user that does not hold the "admin" or "power" Splunk roles could turn off the scheduled search `Bucket Copy Trigger` within the Splunk Archiver applicat…
- CVE-2025-20324 | MEDIUM | CVSS 5.4 | EG 5.4 | 2025-07-07
In Splunk Enterprise versions below 9.4.2, 9.3.5, 9.2.7, and 9.1.10 and Splunk Cloud Platform versions below 9.3.2411.104, 9.3.2408.113, and 9.2.2406.119, a low-privileged user that does not hold the "admin" or "power" Splunk roles could c…
- CVE-2025-20335 | MEDIUM | CVSS 5.3 | EG 5.3 | 2025-09-03
A vulnerability in the directory permissions of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 could allow an unauthenticated, remote attacker to write arbitrary files on an affected device. …
- CVE-2025-20339 | MEDIUM | CVSS 5.8 | EG 5.8 | 2025-09-24
A vulnerability in the access control list (ACL) processing of IPv4 packets of Cisco SD-WAN vEdge Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to the improper enforcement…
- CVE-2025-20341 | HIGH | CVSS 8.8 | EG 8.8 | 2025-11-13
A vulnerability in Cisco Catalyst Center Virtual Appliance could allow an authenticated, remote attacker to elevate privileges to Administrator on an affected system. This vulnerability is due to insufficient validation of user-supplied…
- CVE-2025-2035 | MEDIUM | CVSS 6.3 | EG 6.3 | 2025-03-06
A vulnerability was found in s-a-zhd Ecommerce-Website-using-PHP 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /customer_register.php. The manipulation of the argument name leads to unrest…
- CVE-2025-20366 | MEDIUM | CVSS 6.5 | EG 6.5 | 2025-10-01
In Splunk Enterprise versions below 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.111, 9.3.2408.119, and 9.2.2406.122, a low-privileged user that does not hold the admin or power Splunk roles could access sensi…
- CVE-2025-2089 | MEDIUM | CVSS 5.4 | EG 5.4 | 2025-03-07
A vulnerability has been found in StarSea99 starsea-mall 1.0/2.X and classified as critical. Affected by this vulnerability is the function updateUserInfo of the file /personal/updateInfo of the component com.siro.mall.controller.mall.User…
- CVE-2025-2090 | MEDIUM | CVSS 4.7 | EG 4.7 | 2025-03-07
A vulnerability was found in PHPGurukul Pre-School Enrollment System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/add-subadmin.php of the component Sub Admin Handler. The manipulat…
- CVE-2025-21031 | MEDIUM | CVSS 6.8 | EG 6.8 | 2025-09-03
Improper access control in ImsService prior to SMR Sep-2025 Release 1 allows local attackers to use the privileged APIs.
- CVE-2025-21105 | MEDIUM | CVSS 6.6 | EG 6.6 | 2025-02-20
Dell RecoverPoint for Virtual Machines 6.0.X contains a command execution vulnerability. A Low privileged malicious user with local access could potentially exploit this vulnerability by running the specific binary and perform any administ…
- CVE-2025-2115 | MEDIUM | CVSS 6.3 | EG 6.3 | 2025-03-09
A vulnerability, which was classified as critical, was found in zzskzy Warehouse Refinement Management System 3.1. Affected is the function ProcessRequest of the file /AcceptZip.ashx. The manipulation of the argument file leads to unrestri…
- CVE-2025-21173 | HIGH | CVSS 7.3 | EG 7.3 | 2025-01-14
.NET Elevation of Privilege Vulnerability
- CVE-2025-21185 | MEDIUM | CVSS 6.5 | EG 6.5 | 2025-01-17
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
- CVE-2025-21197 | MEDIUM | CVSS 6.5 | EG 6.5 | 2025-04-08
Improper access control in Windows NTFS allows an authorized attacker to disclose file path information under a folder where the attacker doesn't have permission to list content.
- CVE-2025-21202 | MEDIUM | CVSS 6.1 | EG 6.1 | 2025-01-14
Windows Recovery Environment Agent Elevation of Privilege Vulnerability
Map vulnerabilities like CWE-284 to your infrastructure
EchelonGraph correlates every CVE — across CWE-284 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.