CWE-284 — Improper Access Control
4,241 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-284 (page 64 of 85)
- CVE-2025-4066 | HIGH | CVSS 7.3 | EG 7.3 | 2025-04-29
A vulnerability was found in ScriptAndTools Online-Travling-System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/addpackage.php. The manipulation leads to improper access controls. The at…
- CVE-2025-4067 | MEDIUM | CVSS 5.3 | EG 5.3 | 2025-04-29
A vulnerability classified as critical has been found in ScriptAndTools Online-Travling-System 1.0. Affected is an unknown function of the file /admin/viewpackage.php. The manipulation leads to improper access controls. It is possible to l…
- CVE-2025-40939 | MEDIUM | CVSS 4.6 | EG 4.6 | 2025-12-09
A vulnerability has been identified in SIMATIC CN 4100 (All versions < V4.0.1). The affected device contains a USB port which allows unauthenticated connections. This could allow an attacker with physical access to the device to trigger re…
- CVE-2025-4118 | MEDIUM | CVSS 5.3 | EG 5.3 | 2025-04-30
A vulnerability classified as critical has been found in Weitong Mall 1.0.0. This affects an unknown part of the file /historyList of the component Product History Handler. The manipulation of the argument isDelete with the input 1 leads t…
- CVE-2025-4119 | MEDIUM | CVSS 5.3 | EG 5.3 | 2025-04-30
A vulnerability classified as critical was found in Weitong Mall 1.0.0. This vulnerability affects unknown code of the file /queryTotal of the component Product Statistics Handler. The manipulation of the argument isDelete with the input 1…
- CVE-2025-41737 | HIGH | CVSS 7.5 | EG 7.5 | 2025-11-18
Due to webserver misconfiguration an unauthenticated remote attacker is able to read the source of php modules.
- CVE-2025-4258 | MEDIUM | CVSS 6.3 | EG 6.3 | 2025-05-05
A vulnerability, which was classified as critical, was found in zhangyanbo2007 youkefu up to 4.2.0. Affected is the function Upload of the file \youkefu-master\src\main\java\com\ukefu\webim\web\handler\resource\MediaController.java. The ma…
- CVE-2025-4259 | MEDIUM | CVSS 6.3 | EG 6.3 | 2025-05-05
A vulnerability has been found in newbee-mall 1.0 and classified as critical. Affected by this vulnerability is the function Upload of the file ltd/newbee/mall/controller/common/UploadController.java. The manipulation of the argument File …
- CVE-2025-4269 | MEDIUM | CVSS 6.5 | EG 6.5 | 2025-05-05
A vulnerability was found in TOTOLINK A720R 4.1.5cu.374 and classified as critical. This issue affects some unknown processing of the file /cgi-bin/cstecgi.cgi of the component Log Handler. The manipulation of the argument topicurl with th…
- CVE-2025-4270 | MEDIUM | CVSS 5.3 | EG 5.3 | 2025-05-05
A vulnerability was found in TOTOLINK A720R 4.1.5cu.374. It has been classified as problematic. Affected is an unknown function of the file /cgi-bin/cstecgi.cgi of the component Config Handler. The manipulation of the argument topicurl wit…
- CVE-2025-4271 | MEDIUM | CVSS 5.3 | EG 5.3 | 2025-05-05
A vulnerability was found in TOTOLINK A720R 4.1.5cu.374. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument topicurl with the i…
- CVE-2025-4281 | MEDIUM | CVSS 4.3 | EG 4.3 | 2025-05-05
A vulnerability, which was classified as problematic, was found in Shenzhen Sixun Software Sixun Shanghui Group Business Management System 7. This affects an unknown part of the file /api/GylOperator/LoadData. The manipulation leads to inf…
- CVE-2025-4291 | MEDIUM | CVSS 6.3 | EG 6.3 | 2025-05-05
A vulnerability, which was classified as critical, was found in IdeaCMS up to 1.6. Affected is the function saveUpload. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been discl…
- CVE-2025-43027 | CRITICAL | CVSS 9.8 | EG 9.8 | 2025-10-30
A critical severity vulnerability has been identified in the ALPR Manager role of Security Center that could allow attackers to gain administrative access to the Genetec Security Center system. The Genetec engineering team discovered this …
- CVE-2025-4305 | MEDIUM | CVSS 6.3 | EG 6.3 | 2025-05-06
A vulnerability has been found in kefaming mayi up to 1.3.9 and classified as critical. This vulnerability affects the function Upload of the file app/tools/controller/File.php. The manipulation of the argument File leads to unrestricted u…
- CVE-2025-4310 | MEDIUM | CVSS 4.7 | EG 4.7 | 2025-05-06
A vulnerability classified as critical has been found in itsourcecode Content Management System 1.0. This affects an unknown part of the file /admin/add_topic.php?category=BBS. The manipulation of the argument Cover Image leads to unrestri…
- CVE-2025-4316 | MEDIUM | CVSS 4.3 | EG 4.3 | 2025-05-05
Improper access control in PAM feature in Devolutions Server allows a PAM user to self approve their PAM requests even if disallowed by the configured policy via specific user interface actions. This issue affects Devolutions Server v…
- CVE-2025-43184 | CRITICAL | CVSS 9.8 | EG 9.8 | 2025-07-30
This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. A shortcut may be able to bypass sensitive Shortcuts app settings.
- CVE-2025-43192 | CRITICAL | CVSS 9.8 | EG 9.8 | 2025-07-30
A configuration issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7. Account-driven User Enrollment may still be possible with Lockdown Mode turned on.
- CVE-2025-43194 | CRITICAL | CVSS 9.8 | EG 9.8 | 2025-07-30
The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to modify protected parts of the file system.
- CVE-2025-43198 | CRITICAL | CVSS 9.8 | EG 9.8 | 2025-07-30
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7. An app may be able to access protected user data.
- CVE-2025-43204 | HIGH | CVSS 7.8 | EG 7.8 | 2025-09-15
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Tahoe 26. An app may be able to break out of its sandbox.
- CVE-2025-43207 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-09-15
This issue was addressed with improved entitlements. This issue is fixed in macOS Tahoe 26. An app may be able to access user-sensitive data.
- CVE-2025-43208 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-09-15
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26. An app may be able to read sensitive location information.
- CVE-2025-43232 | CRITICAL | CVSS 9.8 | EG 9.8 | 2025-07-30
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to bypass certain Privacy preferences.
- CVE-2025-43233 | CRITICAL | CVSS 9.8 | EG 9.8 | 2025-07-30
This issue was addressed with improved access restrictions. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. A malicious app acting as a HTTPS proxy could get access to sensitive user data.
- CVE-2025-43241 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-07-30
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to read files outside of its sandbox.
- CVE-2025-43263 | HIGH | CVSS 7.1 | EG 7.1 | 2025-09-15
The issue was addressed with improved checks. This issue is fixed in Xcode 26. An app may be able to read and write files outside of its sandbox.
- CVE-2025-43270 | HIGH | CVSS 8.8 | EG 8.8 | 2025-07-30
An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may gain unauthorized access to Local Network.
- CVE-2025-43285 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-09-15
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to access protected user data.
- CVE-2025-43291 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-09-15
A permissions issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to modify protected parts of the file system.
- CVE-2025-43294 | LOW | CVSS 3.3 | EG 5.3 | 2025-09-15
An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in iOS 26.1 and iPadOS 26.1, macOS Tahoe 26, tvOS 26.1, watchOS 26.1. An app may be able to access sensitive …
- CVE-2025-43305 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-09-15
A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. A malicious app may be able to access private information.
- CVE-2025-43308 | MEDIUM | CVSS 5.3 | EG 5.3 | 2025-09-15
This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to access sensitive user data.
- CVE-2025-43309 | LOW | CVSS 2.4 | EG 2.4 | 2025-11-04
A logic issue was addressed with improved checks. This issue is fixed in iOS 26 and iPadOS 26. An attacker with physical access to an iOS device may be able to view notification contents from the Lock Screen.
- CVE-2025-43313 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-10-15
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to access sensitive user data.
- CVE-2025-43315 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-09-15
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to access user-sensitive data.
- CVE-2025-43317 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-09-15
A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. An app may be able to access sensitive user data.
- CVE-2025-43319 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-09-15
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to access protected user data.
- CVE-2025-43321 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-09-15
The issue was resolved by blocking unsigned services from launching on Intel Macs. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to access protected user data.
- CVE-2025-43322 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-11-04
A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1. An app may be able to access user-sensitive data.
- CVE-2025-43325 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-09-15
An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Tahoe 26. An app may be able to access sensitive user data.
- CVE-2025-43328 | LOW | CVSS 3.3 | EG 5.3 | 2025-09-15
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26. An app may be able to access sensitive user data.
- CVE-2025-4333 | MEDIUM | CVSS 6.3 | EG 6.3 | 2025-05-06
A vulnerability was found in feng_ha_ha/megagao ssm-erp and production_ssm up to 0.0.1. It has been classified as critical. This affects the function uploadFile of the file src/main/java/com/megagao/production/ssm/service/impl/FileServiceI…
- CVE-2025-43332 | MEDIUM | CVSS 5.2 | EG 6.5 | 2025-09-15
A file quarantine bypass was addressed with additional checks. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to break out of its sandbox.
- CVE-2025-43334 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-11-04
This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1. An app may be able to access user-sensitive data.
- CVE-2025-43335 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-11-04
The issue was addressed by adding additional logic. This issue is fixed in macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1. An app may be able to access user-sensitive data.
- CVE-2025-43337 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-09-15
An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.7.2, macOS Tahoe 26. An app may be able to access sensitive user data.
- CVE-2025-43340 | HIGH | CVSS 7.8 | EG 7.8 | 2025-09-15
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26. An app may be able to break out of its sandbox.
- CVE-2025-43351 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-12-12
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.1. An app may be able to access protected user data.