Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

CVEs (5,090)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-45397 1Dena 1H2o Nov 12, 2024 Oct 11, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. When an HTTP request using TLS/1.3 early data on top of TCP Fast Open or QUIC 0-RTT packets is received and the IP-address-based access control is used,...Show more h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. When an HTTP request using TLS/1.3 early data on top of TCP Fast Open or QUIC 0-RTT packets is received and the IP-address-based access control is used, the access control does not detect and prohibit HTTP requests conveyed by packets with a spoofed source address. This behavior allows attackers on the network to execute HTTP requests from addresses that are otherwise rejected by the address-based access control. The vulnerability has been addressed in commit 15ed15a. Users may disable the use of TCP FastOpen and QUIC to mitigate the issue.Show less
CVE-2024-45149 1Adobe 3Commerce Commerce B2bMagento Dec 12, 2024 Oct 10, 2024 N/A· v4 2.7 LOW· v3 N/A· v2 Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A high-privileged attacker could levera...Show more Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on confidentiality. Exploitation of this issue does not require user interaction.Show less
CVE-2024-45135 1Adobe 3Commerce Commerce B2bMagento Oct 11, 2024 Oct 10, 2024 N/A· v4 2.7 LOW· v3 N/A· v2 Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An admin attacker could leverage this v...Show more Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An admin attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction.Show less
CVE-2024-45133 1Adobe 3Commerce Commerce B2bMagento Oct 11, 2024 Oct 10, 2024 N/A· v4 2.7 LOW· v3 N/A· v2 Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Information Exposure vulnerability that could result in a security feature bypass. An admin attacker could leverage this vuln...Show more Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Information Exposure vulnerability that could result in a security feature bypass. An admin attacker could leverage this vulnerability to have a low impact on confidentiality which may aid in further attacks. Exploitation of this issue does not require user interaction.Show less
CVE-2024-45130 1Adobe 3Commerce Commerce B2bMagento Oct 11, 2024 Oct 10, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverag...Show more Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction.Show less
CVE-2024-45129 1Adobe 3Commerce Commerce B2bMagento Oct 11, 2024 Oct 10, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in Privilege escalation. A low-privileged attacker could leverage thi...Show more Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in Privilege escalation. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction.Show less
CVE-2024-45124 1Adobe 3Commerce Commerce B2bMagento Oct 11, 2024 Oct 10, 2024 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnera...Show more Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction.Show less
CVE-2024-45122 1Adobe 3Commerce Commerce B2bMagento Oct 10, 2024 Oct 10, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverag...Show more Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on confidentiality. Exploitation of this issue does not require user interaction.Show less
CVE-2024-45121 1Adobe 3Commerce Commerce B2bMagento Oct 10, 2024 Oct 10, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverag...Show more Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction.Show less
CVE-2024-45118 1Adobe 3Commerce Commerce B2bMagento Oct 10, 2024 Oct 10, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverag...Show more Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have high impact on integrity. Exploitation of this issue does not require user interaction.Show less
CVE-2024-42988 - - Feb 10, 2025 Oct 9, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Lack of access control in ChallengeSolves (/api/v1/challenges/<challenge id>/solves) of CTFd v2.0.0 - v3.7.2 allows authenticated users to retrieve a list of users who have solved the challenge, regardless of the Account...Show more Lack of access control in ChallengeSolves (/api/v1/challenges/<challenge id>/solves) of CTFd v2.0.0 - v3.7.2 allows authenticated users to retrieve a list of users who have solved the challenge, regardless of the Account Visibility settings. The issue is fixed in v3.7.3+.Show less
CVE-2024-46539 - - Oct 10, 2024 Oct 8, 2024 N/A· v4 8.2 HIGH· v3 N/A· v2 Insecure permissions in the Bluetooth Low Energy (BLE) component of Fire-Boltt Artillery Smart Watch NJ-R6E-10.3 allow attackers to cause a Denial of Service (DoS).
CVE-2024-43590 1Microsoft 3Visual Studio 2017 Visual Studio 2019Visual Studio 2022 Oct 16, 2024 Oct 8, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Visual C++ Redistributable Installer Elevation of Privilege Vulnerability
CVE-2024-43503 1Microsoft 1Sharepoint Server Oct 17, 2024 Oct 8, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Microsoft SharePoint Elevation of Privilege Vulnerability
CVE-2024-43456 1Microsoft 6Windows Server 2008 Windows Server 2012Windows Server 2016+3 more Oct 21, 2024 Oct 8, 2024 N/A· v4 7.4 HIGH· v3 N/A· v2 Windows Remote Desktop Services Tampering Vulnerability
CVE-2024-47976 - - Mar 13, 2025 Oct 7, 2024 N/A· v4 6.7 MEDIUM· v3 N/A· v2 Improper access removal handling in firmware of some Solidigm DC Products may allow an attacker with physical access to gain unauthorized access.
CVE-2024-47975 - - Aug 27, 2025 Oct 7, 2024 N/A· v4 7.0 HIGH· v3 N/A· v2 Improper access control validation in firmware of some Solidigm DC Products may allow an attacker with physical access to gain unauthorized access or an attacker with local access to potentially enable denial of service.
CVE-2024-9576 1Workbooth Project 1Workbooth Nov 12, 2024 Oct 7, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Vulnerability in Distro Linux Workbooth v2.5 that allows to escalate privileges to the root user by manipulating the network configuration script.
CVE-2024-47910 - - Oct 7, 2024 Oct 4, 2024 N/A· v4 7.2 HIGH· v3 N/A· v2 An issue was discovered in SonarSource SonarQube before 9.9.5 LTA and 10.x before 10.5. A SonarQube user with the Administrator role can modify an existing configuration of a GitHub integration to exfiltrate a pre-signed...Show more An issue was discovered in SonarSource SonarQube before 9.9.5 LTA and 10.x before 10.5. A SonarQube user with the Administrator role can modify an existing configuration of a GitHub integration to exfiltrate a pre-signed JWT.Show less
CVE-2023-26770 1Taskcafe Project 1Taskcafe May 27, 2025 Oct 4, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 TaskCafe 0.3.2 lacks validation in the Cookie value. Any unauthenticated attacker who knows a registered UserID can change the password of that user.

Previous 1...109110111...255 Next