CWE-284
5,079 CVEs • Abstraction: Pillar
Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
CVEs (5,079)
| CVE (description) | Vendors | Products | Updated | Published | CVSS |
|---|---|---|---|---|---|
| A security flaw has been discovered in SourceCodester Pet Grooming Management Software 1.0. This vulnerability affects unknown code of the file manage_website.php. The manipulation results in unrestricted upload. It is p... | Mayurik (1) | Pet Grooming Management Software (1) | Apr 29, 2026 | Sep 8, 2025 | 2.1 LOW (v4), 8.8 HIGH (v3), 6.5 MEDIUM (v2) |
| A vulnerability was determined in SourceCodester Pet Grooming Management Software 1.0. Affected by this issue is some unknown functionality of the file /admin/profile.php. Executing manipulation can lead to unrestricted... | Mayurik (1) | Pet Grooming Management Software (1) | Apr 29, 2026 | Sep 8, 2025 | 2.1 LOW (v4), 8.8 HIGH (v3), 6.5 MEDIUM (v2) |
| A flaw has been found in SourceCodester Pet Management System 1.0. This impacts an unknown function of the file /admin/profile.php. This manipulation of the argument website_image causes unrestricted upload. Remote explo... | Mayurik (1) | Pet Grooming Management Software (1) | Apr 29, 2026 | Sep 8, 2025 | 2.0 LOW (v4), 7.2 HIGH (v3), 5.8 MEDIUM (v2) |
| A vulnerability was found in Portabilis i-Educar up to 2.10. This issue affects some unknown processing of the file /matricula/[ID_STUDENT]/enturmar/. Performing manipulation results in improper access controls. It is po... |  |  |  |  |  |
| A vulnerability has been found in Portabilis i-Educar up to 2.10. This vulnerability affects unknown code of the file /cancelar-enturmacao-em-lote/. Such manipulation leads to improper access controls. The attack may be... |  |  |  |  |  |
| A flaw has been found in Portabilis i-Educar up to 2.10. This affects an unknown part of the file /enturmacao-em-lote/. This manipulation causes improper access controls. The attack is possible to be carried out remotely... |  |  |  |  |  |
| Improper access control in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network. |  |  |  |  |  |
| A vulnerability was detected in Portabilis i-Educar up to 2.10. This affects an unknown function of the file /exportacao-para-o-seb. Performing manipulation results in improper access controls. The attack is possible to... |  |  |  |  |  |
| Azure Bot Service Elevation of Privilege Vulnerability |  |  |  |  |  |
| Dynamics 365 FastTrack Implementation Assets Information Disclosure Vulnerability |  |  |  |  |  |
| Azure Networking Elevation of Privilege Vulnerability |  |  |  |  |  |
| In multiple functions of VpnManager.java, there is a possible cross-user data leak due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User in... |  |  |  |  |  |
| A vulnerability has been found in CodeAstro Real Estate Management System 1.0. Affected is an unknown function of the file /submitproperty.php. The manipulation leads to unrestricted upload. The attack may be initiated r... | Codeastro (1) | Real Estate Management System (1) | Apr 29, 2026 | Sep 4, 2025 | 2.1 LOW (v4), 8.8 HIGH (v3), 6.5 MEDIUM (v2) |
| A flaw has been found in CodeAstro Real Estate Management System 1.0. This impacts an unknown function of the file /register.php. Executing manipulation of the argument uimage can lead to unrestricted upload. The attack... | Codeastro (1) | Real Estate Management System (1) | Apr 29, 2026 | Sep 4, 2025 | 2.1 LOW (v4), 8.8 HIGH (v3), 6.5 MEDIUM (v2) |
| Information disclosure |  |  |  |  |  |
| A vulnerability in the directory permissions of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 could allow an unauthenticated, remote attacker to write arbitrary files on an... | Cisco (1) | Desk Phone 9841 Firmware, Desk Phone 9851 Firmware, Desk Phone 9861 Firmware, +14 more (17) | Jan 5, 2026 | Sep 3, 2025 | N/A (v4), 5.3 MEDIUM (v3), N/A (v2) |
| Jenkins global-build-stats Plugin 322.v22f4db_18e2dd and earlier does not perform permission checks in its REST API endpoints, allowing attackers with Overall/Read permission to enumerate graph IDs. |  |  |  |  |  |
| Improper access control in ImsService prior to SMR Sep-2025 Release 1 allows local attackers to use the privileged APIs. |  |  |  |  |  |
| A weakness has been identified in ScriptAndTools Real Estate Management System 1.0. Impacted is an unknown function of the file register.php. This manipulation of the argument uimage causes unrestricted upload. Remote ex... | Scriptandtools (1) | Real Estate Management System (1) | Apr 29, 2026 | Sep 3, 2025 | 2.1 LOW (v4), 9.8 CRITICAL (v3), 6.5 MEDIUM (v2) |
| A flaw has been found in Das Parking Management System 停车场管理系统 6.2.0. Affected is an unknown function of the file /Operator/FindAll. This manipulation causes information disclosure. It is possible to initiate the attack... | Das (1) | Parking Management System (1) | Oct 20, 2025 | Sep 3, 2025 | 5.5 MEDIUM (v4), 7.5 HIGH (v3), 5.0 MEDIUM (v2) |