Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

CVEs (5,081)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-4735 1Campcodes 1Sales And Inventory System May 28, 2025 May 16, 2025 5.3 MEDIUM· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 A vulnerability has been found in Campcodes Sales and Inventory System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /pages/product.php. The manipulation of the ar...Show more A vulnerability has been found in Campcodes Sales and Inventory System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /pages/product.php. The manipulation of the argument Picture leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2025-47161 1Microsoft 1Defender For Endpoint Jul 8, 2025 May 15, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Improper access control in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally.
CVE-2025-47884 1Jenkins 1Openid Connect Provider Jun 12, 2025 May 14, 2025 N/A· v4 9.1 CRITICAL· v3 N/A· v2 In Jenkins OpenID Connect Provider Plugin 96.vee8ed882ec4d and earlier the generation of build ID Tokens uses potentially overridden values of environment variables, in conjunction with certain other plugins allowing att...Show more In Jenkins OpenID Connect Provider Plugin 96.vee8ed882ec4d and earlier the generation of build ID Tokens uses potentially overridden values of environment variables, in conjunction with certain other plugins allowing attackers able to configure jobs to craft a build ID Token that impersonates a trusted job, potentially gaining unauthorized access to external services.Show less
CVE-2025-43563 1Adobe 1Coldfusion Jul 15, 2025 May 13, 2025 N/A· v4 9.1 CRITICAL· v3 N/A· v2 ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. A high-privileged attacker could leverage this vulnerabil...Show more ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. A high-privileged attacker could leverage this vulnerability to access or modify sensitive data without proper authorization. Exploitation of this issue does not require user interaction, and scope is changed.Show less
CVE-2025-22844 - - May 16, 2025 May 13, 2025 5.3 MEDIUM· v4 4.3 MEDIUM· v3 N/A· v2 Improper access control for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an unauthenticated user to potentially enable information disclosure via adjacent access.
CVE-2025-20100 - - May 16, 2025 May 13, 2025 8.7 HIGH· v4 7.5 HIGH· v3 N/A· v2 Improper access control in the memory controller configurations for some Intel(R) Xeon(R) 6 processor with E-cores may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2025-20076 - - May 16, 2025 May 13, 2025 2.1 LOW· v4 5.0 MEDIUM· v3 N/A· v2 Improper access control for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.
CVE-2025-20052 - - May 16, 2025 May 13, 2025 6.9 MEDIUM· v4 7.3 HIGH· v3 N/A· v2 Improper access control for some Intel(R) Graphics software may allow an authenticated user to potentially enable denial of service via local access.
CVE-2024-45371 - - May 16, 2025 May 13, 2025 5.2 MEDIUM· v4 6.7 MEDIUM· v3 N/A· v2 Improper access control for some Intel(R) Arc™ & Iris(R) Xe graphics software before version 32.0.101.6077 may allow an authenticated user to potentially enable denial of service via local access.
CVE-2024-45333 - - May 16, 2025 May 13, 2025 6.9 MEDIUM· v4 7.3 HIGH· v3 N/A· v2 Improper access control for some Intel(R) Data Center GPU Flex Series for Windows driver before version 31.0.101.4314 may allow an authenticated user to potentially enable denial of service via local access.
CVE-2024-43101 - - May 16, 2025 May 13, 2025 5.8 MEDIUM· v4 5.3 MEDIUM· v3 N/A· v2 Improper access control for some Intel(R) Data Center GPU Flex Series for Windows driver software before version 31.0.101.4255 may allow an authenticated user to potentially enable denial of service via local access.
CVE-2024-39758 - - May 16, 2025 May 13, 2025 5.1 MEDIUM· v4 5.9 MEDIUM· v3 N/A· v2 Improper access control for some Intel(R) Arc™ & Iris(R) Xe graphics software before version 31.0.101.4032 may allow an authenticated user to potentially enable denial of service via local access.
CVE-2025-29973 1Microsoft 1Azure File Sync May 19, 2025 May 13, 2025 N/A· v4 7.0 HIGH· v3 N/A· v2 Improper access control in Azure File Sync allows an authorized attacker to elevate privileges locally.
CVE-2024-6364 1Absolute 1Persistence Nov 19, 2025 May 13, 2025 6.9 MEDIUM· v4 6.4 MEDIUM· v3 N/A· v2 A vulnerability in Absolute Persistence® versions before 2.8 exists when it is not activated. This may allow a skilled attacker with both physical access to the device, and full hostile network control, to initiate OS co...Show more A vulnerability in Absolute Persistence® versions before 2.8 exists when it is not activated. This may allow a skilled attacker with both physical access to the device, and full hostile network control, to initiate OS commands on the device. To remediate this vulnerability, update the device firmware to the latest available version. Please contact the device manufacturer for upgrade instructions or contact Absolute Security, see reference below.Show less
CVE-2025-31260 1Apple 1Macos Nov 3, 2025 May 12, 2025 N/A· v4 5.5 MEDIUM· v3 N/A· v2 A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.5. An app may be able to access sensitive user data.
CVE-2025-31258 1Apple 1Macos Nov 3, 2025 May 12, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.5. An app may be able to break out of its sandbox.
CVE-2025-31247 1Apple 1Macos Apr 2, 2026 May 12, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 A logic issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6. An attacker may gain access to protected parts of the file system.
CVE-2025-31232 1Apple 1Macos Apr 2, 2026 May 12, 2025 N/A· v4 7.1 HIGH· v3 N/A· v2 A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6. A sandboxed app may be able to access sensitive user data.
CVE-2025-31212 1Apple 6Ipados Iphone OsMacos+3 more Apr 2, 2026 May 12, 2025 N/A· v4 5.5 MEDIUM· v3 N/A· v2 This issue was addressed through improved state management. This issue is fixed in iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. An app may be able to access sensitive user data.
CVE-2025-31195 1Apple 1Macos May 27, 2025 May 12, 2025 N/A· v4 6.3 MEDIUM· v3 N/A· v2 The issue was addressed by adding additional logic. This issue is fixed in macOS Sequoia 15.4. An app may be able to break out of its sandbox.

Previous 1...798081...255 Next