Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

CVEs (5,090)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-13635 - - Mar 7, 2025 Mar 7, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The VK Blocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.94.2.2 via the page content block. This makes it possible for authenticated attackers, with Contr...Show more The VK Blocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.94.2.2 via the page content block. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including the content of private posts and pages.Show less
CVE-2025-25381 - - Mar 12, 2025 Mar 6, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 Incorrect access control in the KSRTC AWATAR app of Karnataka State Road Transport Corporation v1.3.0 allows to view sensitive information such as usernames and passwords.
CVE-2025-2035 1S A Zhd 1Ecommerce Website Using Php Oct 15, 2025 Mar 6, 2025 5.3 MEDIUM· v4 9.8 CRITICAL· v3 6.5 MEDIUM· v2 A vulnerability was found in s-a-zhd Ecommerce-Website-using-PHP 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /customer_register.php. The manipulation of the argument n...Show more A vulnerability was found in s-a-zhd Ecommerce-Website-using-PHP 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /customer_register.php. The manipulation of the argument name leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2025-2031 11000mz 1Chestnutcms May 12, 2025 Mar 6, 2025 5.3 MEDIUM· v4 7.6 HIGH· v3 6.5 MEDIUM· v2 A vulnerability classified as critical has been found in ChestnutCMS up to 1.5.2. This affects the function uploadFile of the file /dev-api/cms/file/upload. The manipulation of the argument file leads to unrestricted upl...Show more A vulnerability classified as critical has been found in ChestnutCMS up to 1.5.2. This affects the function uploadFile of the file /dev-api/cms/file/upload. The manipulation of the argument file leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2024-56196 1Apache 1Traffic Server May 7, 2025 Mar 6, 2025 N/A· v4 6.3 MEDIUM· v3 N/A· v2 Improper Access Control vulnerability in Apache Traffic Server. This issue affects Apache Traffic Server: from 10.0.0 through 10.0.3. Users are recommended to upgrade to version 10.0.4, which fixes the issue.
CVE-2024-56195 1Apache 1Traffic Server Apr 29, 2025 Mar 6, 2025 N/A· v4 6.3 MEDIUM· v3 N/A· v2 Improper Access Control vulnerability in Apache Traffic Server. This issue affects Apache Traffic Server: from 9.2.0 through 9.2.8, from 10.0.0 through 10.0.3. Users are recommended to upgrade to version 9.2.9 or 10.0....Show more Improper Access Control vulnerability in Apache Traffic Server. This issue affects Apache Traffic Server: from 9.2.0 through 9.2.8, from 10.0.0 through 10.0.3. Users are recommended to upgrade to version 9.2.9 or 10.0.4, which fixes the issue.Show less
CVE-2025-27649 1Printerlogic 2Vasion Print Virtual Appliance Nov 3, 2025 Mar 5, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.893 Application 20.0.2140 allows Incorrect Access Control: PHP V-2023-016.
CVE-2025-27646 1Printerlogic 2Vasion Print Virtual Appliance Nov 3, 2025 Mar 5, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.913 Application 20.0.2253 allows Edit User Account Exposure V-2024-001.
CVE-2025-1260 - - Mar 4, 2025 Mar 4, 2025 N/A· v4 9.1 CRITICAL· v3 N/A· v2 On affected platforms running Arista EOS with OpenConfig configured, a gNOI request can be run when it should have been rejected. This issue can result in unexpected configuration/operations being applied to the switch.
CVE-2025-1259 - - Mar 4, 2025 Mar 4, 2025 N/A· v4 7.7 HIGH· v3 N/A· v2 On affected platforms running Arista EOS with OpenConfig configured, a gNOI request can be run when it should have been rejected. This issue can result in users retrieving data that should not have been available
CVE-2020-3122 1Cisco 1Asyncos Jul 31, 2025 Mar 4, 2025 N/A· v4 5.3 MEDIUM· v3 N/A· v2 A vulnerability in the web-based management interface of Cisco AsyncOS for Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to obtain sensitive network information.
CVE-2025-1941 1Mozilla 1Firefox Apr 13, 2026 Mar 4, 2025 N/A· v4 9.1 CRITICAL· v3 N/A· v2 Under certain circumstances, a user opt-in setting that Focus should require authentication before use could have been be bypassed (distinct from CVE-2025-0245). This vulnerability was fixed in Firefox 136.
CVE-2025-1890 1Shishuocms Project 1Shishuocms Mar 5, 2025 Mar 4, 2025 5.3 MEDIUM· v4 9.8 CRITICAL· v3 6.5 MEDIUM· v2 A vulnerability has been found in shishuocms 1.1 and classified as critical. This vulnerability affects the function handleRequest of the file src/main/java/com/shishuo/cms/action/manage/ManageUpLoadAction.java. The mani...Show more A vulnerability has been found in shishuocms 1.1 and classified as critical. This vulnerability affects the function handleRequest of the file src/main/java/com/shishuo/cms/action/manage/ManageUpLoadAction.java. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2025-1882 1I Drive 2I11 Firmware I12 Firmware Mar 5, 2025 Mar 3, 2025 2.3 LOW· v4 7.0 HIGH· v3 4.3 MEDIUM· v2 A vulnerability was found in i-Drive i11 and i12 up to 20250227. It has been rated as critical. Affected by this issue is some unknown functionality of the component Device Setting Handler. The manipulation leads to impr...Show more A vulnerability was found in i-Drive i11 and i12 up to 20250227. It has been rated as critical. Affected by this issue is some unknown functionality of the component Device Setting Handler. The manipulation leads to improper access control for register interface. The attack needs to be done within the local network. The complexity of an attack is rather high. The exploitation is known to be difficult. It was not possible to identify the current maintainer of the product. It must be assumed that the product is end-of-life.Show less
CVE-2025-1881 1I Drive 2I11 Firmware I12 Firmware Mar 5, 2025 Mar 3, 2025 5.3 MEDIUM· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 A vulnerability was found in i-Drive i11 and i12 up to 20250227. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Video Footage/Live Video Stream. The manip...Show more A vulnerability was found in i-Drive i11 and i12 up to 20250227. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Video Footage/Live Video Stream. The manipulation leads to improper access controls. The attack can be launched remotely. It was not possible to identify the current maintainer of the product. It must be assumed that the product is end-of-life.Show less
CVE-2024-51954 1Esri 1Arcgis Server Feb 13, 2026 Mar 3, 2025 N/A· v4 8.5 HIGH· v3 N/A· v2 There is an improper access control issue in ArcGIS Server versions 11.3 and below on Windows and Linux which, under unique circumstances, could allow a remote, low‑privileged authenticated attacker to access secure serv...Show more There is an improper access control issue in ArcGIS Server versions 11.3 and below on Windows and Linux which, under unique circumstances, could allow a remote, low‑privileged authenticated attacker to access secure services published to a standalone (unfederated) ArcGIS Server instance. Successful exploitation results in unauthorized access to protected services outside the attacker’s originally assigned authorization boundary, constituting a scope change. If exploited, this issue would have a high impact on confidentiality, a low impact on integrity, and no impact on the availability of the software.Show less
CVE-2025-25950 1Serosoft 1Academia Student Information System Dec 12, 2025 Mar 3, 2025 N/A· v4 8.1 HIGH· v3 N/A· v2 Incorrect access control in the component /rest/staffResource/update of Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows create and modify user accounts, including an Administra...Show more Incorrect access control in the component /rest/staffResource/update of Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows create and modify user accounts, including an Administrator account.Show less
CVE-2025-25948 1Academiaerp 1Student Information System Jan 29, 2026 Mar 3, 2025 N/A· v4 9.1 CRITICAL· v3 N/A· v2 Incorrect access control in the component /rest/staffResource/create of Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows create and modify user accounts, including an Administra...Show more Incorrect access control in the component /rest/staffResource/create of Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows create and modify user accounts, including an Administrator account.Show less
CVE-2025-1835 - - Mar 3, 2025 Mar 2, 2025 5.3 MEDIUM· v4 6.3 MEDIUM· v3 6.5 MEDIUM· v2 A vulnerability has been found in osuuu LightPicture 1.2.2 and classified as critical. This vulnerability affects the function upload of the file /app/controller/Api.php. The manipulation of the argument file leads to un...Show more A vulnerability has been found in osuuu LightPicture 1.2.2 and classified as critical. This vulnerability affects the function upload of the file /app/controller/Api.php. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2025-1834 1Zframeworks 1Zz May 26, 2025 Mar 2, 2025 5.3 MEDIUM· v4 9.8 CRITICAL· v3 6.5 MEDIUM· v2 A vulnerability, which was classified as critical, was found in zj1983 zz up to 2024-8. This affects an unknown part of the file /resolve. The manipulation of the argument file leads to unrestricted upload. It is possibl...Show more A vulnerability, which was classified as critical, was found in zj1983 zz up to 2024-8. This affects an unknown part of the file /resolve. The manipulation of the argument file leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.Show less

Previous 1...959697...255 Next