Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

CVEs (5,078)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-10615 1Angeljudesuarez 1E Commerce Website Apr 29, 2026 Sep 17, 2025 2.1 LOW· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 A vulnerability was identified in itsourcecode E-Commerce Website 1.0. This impacts an unknown function of the file /admin/products.php. The manipulation leads to unrestricted upload. The attack can be initiated remotely...Show more A vulnerability was identified in itsourcecode E-Commerce Website 1.0. This impacts an unknown function of the file /admin/products.php. The manipulation leads to unrestricted upload. The attack can be initiated remotely. The exploit is publicly available and might be used.Show less
CVE-2025-10608 1Portabilis 1I Educar Apr 29, 2026 Sep 17, 2025 2.1 LOW· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 A vulnerability was detected in Portabilis i-Educar up to 2.10. The affected element is an unknown function of the file /enrollment-history/. Performing manipulation results in improper access controls. The attack is pos...Show more A vulnerability was detected in Portabilis i-Educar up to 2.10. The affected element is an unknown function of the file /enrollment-history/. Performing manipulation results in improper access controls. The attack is possible to be carried out remotely. The exploit is now public and may be used.Show less
CVE-2025-10607 1Portabilis 1I Educar Apr 29, 2026 Sep 17, 2025 2.1 LOW· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 A security vulnerability has been detected in Portabilis i-Educar up to 2.10. Impacted is an unknown function of the file /module/Avaliacao/diarioApi. Such manipulation leads to information disclosure. The attack can be...Show more A security vulnerability has been detected in Portabilis i-Educar up to 2.10. Impacted is an unknown function of the file /module/Avaliacao/diarioApi. Such manipulation leads to information disclosure. The attack can be executed remotely. The exploit has been disclosed publicly and may be used.Show less
CVE-2025-10600 1Janobe 1Online Exam Form Submission Apr 29, 2026 Sep 17, 2025 5.5 MEDIUM· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A flaw has been found in SourceCodester Online Exam Form Submission 1.0. This impacts an unknown function of the file /register.php. This manipulation of the argument img causes unrestricted upload. It is possible to ini...Show more A flaw has been found in SourceCodester Online Exam Form Submission 1.0. This impacts an unknown function of the file /register.php. This manipulation of the argument img causes unrestricted upload. It is possible to initiate the attack remotely. The exploit has been published and may be used.Show less
CVE-2025-37131 - - Sep 17, 2025 Sep 16, 2025 N/A· v4 4.9 MEDIUM· v3 N/A· v2 A vulnerability in EdgeConnect SD-WAN ECOS could allow an authenticated remote threat actor with admin privileges to access sensitive unauthorized system files. Under certain conditions, this could lead to exposure and e...Show more A vulnerability in EdgeConnect SD-WAN ECOS could allow an authenticated remote threat actor with admin privileges to access sensitive unauthorized system files. Under certain conditions, this could lead to exposure and exfiltration of sensitive information.Show less
CVE-2025-37125 - - Sep 17, 2025 Sep 16, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 A broken access control vulnerability exists in HPE Aruba Networking EdgeConnect OS (ECOS). Successful exploitation could allow an attacker to bypass firewall protections, potentially leading to unauthorized traffic bein...Show more A broken access control vulnerability exists in HPE Aruba Networking EdgeConnect OS (ECOS). Successful exploitation could allow an attacker to bypass firewall protections, potentially leading to unauthorized traffic being handled improperlyShow less
CVE-2025-54391 - - Sep 17, 2025 Sep 16, 2025 N/A· v4 9.1 CRITICAL· v3 N/A· v2 A vulnerability in the EnableTwoFactorAuthRequest SOAP endpoint of Zimbra Collaboration (ZCS) allows an attacker with valid user credentials to bypass Two-Factor Authentication (2FA) protection. The attacker can configur...Show more A vulnerability in the EnableTwoFactorAuthRequest SOAP endpoint of Zimbra Collaboration (ZCS) allows an attacker with valid user credentials to bypass Two-Factor Authentication (2FA) protection. The attacker can configure an additional 2FA method (either a third-party authenticator app or email-based 2FA) without presenting a valid authentication token or proving access to an already configured 2FA method. This bypasses 2FA and results in unauthorized access to accounts that are otherwise protected by 2FA.Show less
CVE-2025-59333 1Executeautomation 1Mcp Database Server Oct 8, 2025 Sep 16, 2025 N/A· v4 8.1 HIGH· v3 N/A· v2 The mcp-database-server (MCP Server) 1.1.0 and earlier, as distributed via the npm package @executeautomation/database-server, fails to implement adequate security controls to properly enforce a "read-only" mode. This vu...Show more The mcp-database-server (MCP Server) 1.1.0 and earlier, as distributed via the npm package @executeautomation/database-server, fails to implement adequate security controls to properly enforce a "read-only" mode. This vulnerability affects only the npm distribution; other distributions are not impacted. As a result, the server is susceptible to abuse and attacks on affected database systems such as PostgreSQL, and potentially others that expose elevated functionalities. These attacks may lead to denial of service and other unexpected behaviors.Show less
CVE-2025-43371 1Apple 1Xcode Nov 3, 2025 Sep 15, 2025 N/A· v4 8.2 HIGH· v3 N/A· v2 This issue was addressed with improved checks. This issue is fixed in Xcode 26. An app may be able to break out of its sandbox.
CVE-2025-43369 1Apple 1Macos Nov 3, 2025 Sep 15, 2025 N/A· v4 5.5 MEDIUM· v3 N/A· v2 This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Tahoe 26. An app may be able to access protected user data.
CVE-2025-43340 1Apple 1Macos Nov 3, 2025 Sep 15, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26. An app may be able to break out of its sandbox.
CVE-2025-43337 1Apple 1Macos Apr 2, 2026 Sep 15, 2025 N/A· v4 5.5 MEDIUM· v3 N/A· v2 An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.7.2, macOS Tahoe 26. An app may be able to access sensitive user data.
CVE-2025-43332 1Apple 1Macos Apr 2, 2026 Sep 15, 2025 N/A· v4 5.2 MEDIUM· v3 N/A· v2 A file quarantine bypass was addressed with additional checks. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to break out of its sandbox.
CVE-2025-43328 1Apple 1Macos Nov 3, 2025 Sep 15, 2025 N/A· v4 3.3 LOW· v3 N/A· v2 A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26. An app may be able to access sensitive user data.
CVE-2025-43325 1Apple 1Macos Nov 3, 2025 Sep 15, 2025 N/A· v4 5.5 MEDIUM· v3 N/A· v2 An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Tahoe 26. An app may be able to access sensitive user data.
CVE-2025-43321 1Apple 1Macos Apr 2, 2026 Sep 15, 2025 N/A· v4 5.5 MEDIUM· v3 N/A· v2 The issue was resolved by blocking unsigned services from launching on Intel Macs. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to access protected user data.
CVE-2025-43319 1Apple 1Macos Apr 2, 2026 Sep 15, 2025 N/A· v4 5.5 MEDIUM· v3 N/A· v2 This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to access protected user data.
CVE-2025-43317 1Apple 6Ipados Iphone OsMacos+3 more Apr 2, 2026 Sep 15, 2025 N/A· v4 5.5 MEDIUM· v3 N/A· v2 A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. An app may be able to access sensitive user data.
CVE-2025-43315 1Apple 1Macos Apr 2, 2026 Sep 15, 2025 N/A· v4 5.5 MEDIUM· v3 N/A· v2 This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to access user-sensitive data.
CVE-2025-43308 1Apple 1Macos Apr 2, 2026 Sep 15, 2025 N/A· v4 5.3 MEDIUM· v3 N/A· v2 This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to access sensitive user data.

Previous 1...596061...254 Next