Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

CVEs (5,090)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-24272 1Apple 1Macos Apr 2, 2026 Mar 31, 2025 N/A· v4 6.8 MEDIUM· v3 N/A· v2 The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to modify protected parts of the file system.
CVE-2025-24248 1Apple 1Macos Nov 3, 2025 Mar 31, 2025 N/A· v4 5.0 MEDIUM· v3 N/A· v2 A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4. An app may be able to enumerate devices that have signed into the user's Apple Account.
CVE-2025-24241 1Apple 1Macos Apr 2, 2026 Mar 31, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A configuration issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to trick a user into copying sensitive data to th...Show more A configuration issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to trick a user into copying sensitive data to the pasteboard.Show less
CVE-2025-24236 1Apple 1Macos Nov 3, 2025 Mar 31, 2025 N/A· v4 5.5 MEDIUM· v3 N/A· v2 An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access sensitive user data.
CVE-2025-24229 1Apple 1Macos Apr 2, 2026 Mar 31, 2025 N/A· v4 7.4 HIGH· v3 N/A· v2 A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. A sandboxed app may be able to access sensitive user data.
CVE-2025-24218 1Apple 1Macos Nov 3, 2025 Mar 31, 2025 N/A· v4 5.5 MEDIUM· v3 N/A· v2 A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.4. An app may be able to access information about a user's contacts.
CVE-2025-24215 1Apple 2Ipados Macos Apr 2, 2026 Mar 31, 2025 N/A· v4 5.5 MEDIUM· v3 N/A· v2 The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. A malicious app may be able to access private information.
CVE-2025-24214 1Apple 5Ipados Iphone OsMacos+2 more Apr 2, 2026 Mar 31, 2025 N/A· v4 5.5 MEDIUM· v3 N/A· v2 A privacy issue was addressed by not logging contents of text fields. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, tvOS 18.4, visionOS 2.4, watchOS 11.4. An app may be able to access sensitive use...Show more A privacy issue was addressed by not logging contents of text fields. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, tvOS 18.4, visionOS 2.4, watchOS 11.4. An app may be able to access sensitive user data.Show less
CVE-2025-24205 1Apple 3Ipados Iphone OsMacos Apr 2, 2026 Mar 31, 2025 N/A· v4 5.5 MEDIUM· v3 N/A· v2 An authorization issue was addressed with improved state management. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to ac...Show more An authorization issue was addressed with improved state management. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to access user-sensitive data.Show less
CVE-2025-24202 1Apple 3Ipados Iphone OsMacos Nov 3, 2025 Mar 31, 2025 N/A· v4 5.5 MEDIUM· v3 N/A· v2 A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. An app may be able to access sensitive user data.
CVE-2025-24198 1Apple 3Ipados Iphone OsMacos Apr 2, 2026 Mar 31, 2025 N/A· v4 6.6 MEDIUM· v3 N/A· v2 This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An attacker with...Show more This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An attacker with physical access may be able to use Siri to access sensitive user data.Show less
CVE-2025-24193 1Apple 2Ipados Iphone Os Nov 3, 2025 Mar 31, 2025 N/A· v4 2.4 LOW· v3 N/A· v2 This issue was addressed with improved authentication. This issue is fixed in iOS 18.4 and iPadOS 18.4. An attacker with a USB-C connection to an unlocked device may be able to programmatically access photos.
CVE-2025-24173 1Apple 5Ipados Iphone OsMacos+2 more Apr 2, 2026 Mar 31, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 This issue was addressed with additional entitlement checks. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS...Show more This issue was addressed with additional entitlement checks. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. An app may be able to break out of its sandbox.Show less
CVE-2024-54533 1Apple 1Macos Apr 2, 2026 Mar 31, 2025 N/A· v4 7.0 HIGH· v3 N/A· v2 A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.2, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to access sensitive user data.
CVE-2025-31125 1Vitejs 1Vite Jan 23, 2026 Mar 31, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 Vite is a frontend tooling framework for javascript. Vite exposes content of non-allowed files using ?inline&import or ?raw?import. Only apps explicitly exposing the Vite dev server to the network (using --host or server...Show more Vite is a frontend tooling framework for javascript. Vite exposes content of non-allowed files using ?inline&import or ?raw?import. Only apps explicitly exposing the Vite dev server to the network (using --host or server.host config option) are affected. This vulnerability is fixed in 6.2.4, 6.1.3, 6.0.13, 5.4.16, and 4.5.11.Show less
CVE-2025-22940 1Adtran 1411 Firmware Aug 18, 2025 Mar 31, 2025 N/A· v4 9.1 CRITICAL· v3 N/A· v2 Incorrect access control in Adtran 411 ONT L80.00.0011.M2 allows unauthorized attackers to arbitrarily set the admin password.
CVE-2025-2996 1Tenda 1Fh1202 Firmware Apr 8, 2025 Mar 31, 2025 6.9 MEDIUM· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 A vulnerability was found in Tenda FH1202 1.2.0.14(408) and classified as critical. This issue affects some unknown processing of the file /goform/SysToolDDNS of the component Web Management Interface. The manipulation l...Show more A vulnerability was found in Tenda FH1202 1.2.0.14(408) and classified as critical. This issue affects some unknown processing of the file /goform/SysToolDDNS of the component Web Management Interface. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2025-2995 1Tenda 1Fh1202 Firmware Apr 8, 2025 Mar 31, 2025 6.9 MEDIUM· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 A vulnerability has been found in Tenda FH1202 1.2.0.14(408) and classified as critical. This vulnerability affects unknown code of the file /goform/SysToolChangePwd of the component Web Management Interface. The manipul...Show more A vulnerability has been found in Tenda FH1202 1.2.0.14(408) and classified as critical. This vulnerability affects unknown code of the file /goform/SysToolChangePwd of the component Web Management Interface. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2025-2994 1Tenda 1Fh1202 Firmware Apr 7, 2025 Mar 31, 2025 6.9 MEDIUM· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 A vulnerability, which was classified as critical, was found in Tenda FH1202 1.2.0.14(408). This affects an unknown part of the file /goform/qossetting of the component Web Management Interface. The manipulation leads to...Show more A vulnerability, which was classified as critical, was found in Tenda FH1202 1.2.0.14(408). This affects an unknown part of the file /goform/qossetting of the component Web Management Interface. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2025-2993 1Tenda 1Fh1202 Firmware Apr 8, 2025 Mar 31, 2025 6.9 MEDIUM· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 A vulnerability, which was classified as critical, has been found in Tenda FH1202 1.2.0.14(408). Affected by this issue is some unknown functionality of the file /default.cfg. The manipulation of the argument these leads...Show more A vulnerability, which was classified as critical, has been found in Tenda FH1202 1.2.0.14(408). Affected by this issue is some unknown functionality of the file /default.cfg. The manipulation of the argument these leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.Show less

Previous 1...909192...255 Next