Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

CVEs (5,079)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-43308 1Apple 1Macos Apr 2, 2026 Sep 15, 2025 N/A· v4 5.3 MEDIUM· v3 N/A· v2 This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to access sensitive user data.
CVE-2025-43305 1Apple 1Macos Apr 2, 2026 Sep 15, 2025 N/A· v4 5.5 MEDIUM· v3 N/A· v2 A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. A malicious app may be able to access private information.
CVE-2025-43294 1Apple 1Macos Apr 2, 2026 Sep 15, 2025 N/A· v4 3.3 LOW· v3 N/A· v2 An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in iOS 26.1 and iPadOS 26.1, macOS Tahoe 26, tvOS 26.1, watchOS 26.1. An app may be able t...Show more An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in iOS 26.1 and iPadOS 26.1, macOS Tahoe 26, tvOS 26.1, watchOS 26.1. An app may be able to access sensitive user data.Show less
CVE-2025-43291 1Apple 1Macos Apr 2, 2026 Sep 15, 2025 N/A· v4 5.5 MEDIUM· v3 N/A· v2 A permissions issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to modify protected parts of the file system.
CVE-2025-43285 1Apple 1Macos Apr 2, 2026 Sep 15, 2025 N/A· v4 5.5 MEDIUM· v3 N/A· v2 A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to access protected user data.
CVE-2025-43263 1Apple 1Xcode Nov 3, 2025 Sep 15, 2025 N/A· v4 7.1 HIGH· v3 N/A· v2 The issue was addressed with improved checks. This issue is fixed in Xcode 26. An app may be able to read and write files outside of its sandbox.
CVE-2025-43208 1Apple 1Macos Nov 3, 2025 Sep 15, 2025 N/A· v4 5.5 MEDIUM· v3 N/A· v2 A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26. An app may be able to read sensitive location information.
CVE-2025-43207 1Apple 1Macos Nov 3, 2025 Sep 15, 2025 N/A· v4 5.5 MEDIUM· v3 N/A· v2 This issue was addressed with improved entitlements. This issue is fixed in macOS Tahoe 26. An app may be able to access user-sensitive data.
CVE-2025-43204 1Apple 1Macos Nov 3, 2025 Sep 15, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Tahoe 26. An app may be able to break out of its sandbox.
CVE-2025-31270 1Apple 1Macos Nov 3, 2025 Sep 15, 2025 N/A· v4 5.5 MEDIUM· v3 N/A· v2 A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26. An app may be able to access protected user data.
CVE-2025-31269 1Apple 1Macos Apr 2, 2026 Sep 15, 2025 N/A· v4 5.5 MEDIUM· v3 N/A· v2 A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to access protected user data.
CVE-2025-31268 1Apple 1Macos Apr 2, 2026 Sep 15, 2025 N/A· v4 5.5 MEDIUM· v3 N/A· v2 A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to access protected user data.
CVE-2025-24197 1Apple 1Macos Apr 2, 2026 Sep 15, 2025 N/A· v4 5.5 MEDIUM· v3 N/A· v2 A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to access sensitive user data.
CVE-2025-24088 1Apple 1Macos Nov 3, 2025 Sep 15, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 The issue was addressed by adding additional logic. This issue is fixed in macOS Tahoe 26. An app may be able to override MDM-enforced settings from profiles.
CVE-2025-56274 2Senior Walter Seniorwalter 2Web Based Pharmacy Product Management System Web Based Pharmacy Product Management System Apr 9, 2026 Sep 15, 2025 N/A· v4 8.1 HIGH· v3 N/A· v2 SourceCodester Web-based Pharmacy Product Management System 1.0 is vulnerable to Incorrect Access Control, which allows low-privileged users to forge high privileged (such as admin) sessions and perform sensitive operati...Show more SourceCodester Web-based Pharmacy Product Management System 1.0 is vulnerable to Incorrect Access Control, which allows low-privileged users to forge high privileged (such as admin) sessions and perform sensitive operations such as adding new users.Show less
CVE-2025-10480 1Janobe 1Online Student File Management System Apr 29, 2026 Sep 15, 2025 2.1 LOW· v4 9.8 CRITICAL· v3 6.5 MEDIUM· v2 A weakness has been identified in SourceCodester Online Student File Management System 1.0. This affects an unknown function of the file /save_file.php. Executing manipulation can lead to unrestricted upload. The attack...Show more A weakness has been identified in SourceCodester Online Student File Management System 1.0. This affects an unknown function of the file /save_file.php. Executing manipulation can lead to unrestricted upload. The attack may be launched remotely. The exploit has been made available to the public and could be exploited.Show less
CVE-2025-10491 - - Sep 16, 2025 Sep 15, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 The MongoDB Windows installation MSI may leave ACLs unset on custom installation directories allowing a local attacker to introduce executable code to MongoDB's process via DLL hijacking. This issue affects MongoDB Serve...Show more The MongoDB Windows installation MSI may leave ACLs unset on custom installation directories allowing a local attacker to introduce executable code to MongoDB's process via DLL hijacking. This issue affects MongoDB Server v6.0 version prior to 6.0.25, MongoDB Server v7.0 version prior to 7.0.21 and MongoDB Server v8.0 version prior to 8.0.5Show less
CVE-2025-10447 1Campcodes 1Online Job Finder System Apr 29, 2026 Sep 15, 2025 5.5 MEDIUM· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A vulnerability was detected in Campcodes Online Job Finder System 1.0. The impacted element is an unknown function of the file /eris/applicationform.php. The manipulation of the argument picture results in unrestricted...Show more A vulnerability was detected in Campcodes Online Job Finder System 1.0. The impacted element is an unknown function of the file /eris/applicationform.php. The manipulation of the argument picture results in unrestricted upload. It is possible to launch the attack remotely. The exploit is now public and may be used.Show less
CVE-2025-10428 1Mayurik 1Pet Grooming Management Software Apr 29, 2026 Sep 15, 2025 2.1 LOW· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 A security vulnerability has been detected in SourceCodester Pet Grooming Management Software 1.0. Affected is an unknown function of the file /admin/seo_setting.php of the component Setting Handler. The manipulation of...Show more A security vulnerability has been detected in SourceCodester Pet Grooming Management Software 1.0. Affected is an unknown function of the file /admin/seo_setting.php of the component Setting Handler. The manipulation of the argument website_image leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used.Show less
CVE-2025-10427 1Mayurik 1Pet Grooming Management Software Apr 29, 2026 Sep 15, 2025 2.1 LOW· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 A weakness has been identified in SourceCodester Pet Grooming Management Software 1.0. This impacts an unknown function of the file /admin/operation/user.php. Executing manipulation of the argument website_image can lead...Show more A weakness has been identified in SourceCodester Pet Grooming Management Software 1.0. This impacts an unknown function of the file /admin/operation/user.php. Executing manipulation of the argument website_image can lead to unrestricted upload. It is possible to launch the attack remotely. The exploit has been made available to the public and could be exploited.Show less

Previous 1...606162...254 Next