Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

CVEs (5,090)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-41912 1Hp 1Poly Clariti Manager Oct 2, 2025 Aug 7, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager devices. The firmware flaw does not properly implement access controls.
CVE-2024-41250 1Lopalopa 1Responsive School Management System Mar 14, 2025 Aug 7, 2024 N/A· v4 5.3 MEDIUM· v3 N/A· v2 An Incorrect Access Control vulnerability was found in /smsa/view_students.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view STUDENT details.
CVE-2024-41245 1Lopalopa 1Responsive School Management System Aug 8, 2024 Aug 7, 2024 N/A· v4 5.3 MEDIUM· v3 N/A· v2 An Incorrect Access Control vulnerability was found in /smsa/view_teachers.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view TEACHER details.
CVE-2024-41244 1Lopalopa 1Responsive School Management System Aug 8, 2024 Aug 7, 2024 N/A· v4 5.3 MEDIUM· v3 N/A· v2 An Incorrect Access Control vulnerability was found in /smsa/view_class.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view CLASS details.
CVE-2024-41243 1Lopalopa 1Responsive School Management System Mar 19, 2025 Aug 7, 2024 N/A· v4 5.3 MEDIUM· v3 N/A· v2 An Incorrect Access Control vulnerability was found in /smsa/view_marks.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view MARKS details.
CVE-2024-41309 1Enjayworld 1Enjay Crm Aug 8, 2024 Aug 7, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 An issue in the Hardware info module of IT Solutions Enjay CRM OS v1.0 allows attackers to escape the restricted terminal environment and gain root-level privileges on the underlying system.
CVE-2024-41308 1Enjayworld 1Enjay Crm Aug 8, 2024 Aug 7, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 An issue in the Ping feature of IT Solutions Enjay CRM OS v1.0 allows attackers to escape the restricted terminal environment and gain root-level privileges on the underlying system.
CVE-2024-41252 1Lopalopa 1Responsive School Management System Aug 8, 2024 Aug 7, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 An Incorrect Access Control vulnerability was found in /smsa/admin_student_register_approval.php and /smsa/admin_student_register_approval_submit.php in Kashipara Responsive School Management System v3.2.0, which allows...Show more An Incorrect Access Control vulnerability was found in /smsa/admin_student_register_approval.php and /smsa/admin_student_register_approval_submit.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view and approve student registration.Show less
CVE-2024-41251 1Lopalopa 1Responsive School Management System Mar 13, 2025 Aug 7, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 An Incorrect Access Control vulnerability was found in /smsa/admin_teacher_register_approval.php and /smsa/admin_teacher_register_approval_submit.php in Kashipara Responsive School Management System v3.2.0, which allows...Show more An Incorrect Access Control vulnerability was found in /smsa/admin_teacher_register_approval.php and /smsa/admin_teacher_register_approval_submit.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view and approve Teacher registration.Show less
CVE-2024-41249 1Lopalopa 1Responsive School Management System Aug 8, 2024 Aug 7, 2024 N/A· v4 5.3 MEDIUM· v3 N/A· v2 An Incorrect Access Control vulnerability was found in /smsa/view_subject.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view SUBJECT details.
CVE-2024-41248 1Lopalopa 1Responsive School Management System Aug 8, 2024 Aug 7, 2024 N/A· v4 5.3 MEDIUM· v3 N/A· v2 An Incorrect Access Control vulnerability was found in /smsa/add_subject.php and /smsa/add_subject_submit.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to add...Show more An Incorrect Access Control vulnerability was found in /smsa/add_subject.php and /smsa/add_subject_submit.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to add a new subject entry.Show less
CVE-2024-41247 1Lopalopa 1Responsive School Management System Aug 8, 2024 Aug 7, 2024 N/A· v4 5.3 MEDIUM· v3 N/A· v2 An Incorrect Access Control vulnerability was found in /smsa/add_class.php and /smsa/add_class_submit.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to add a ne...Show more An Incorrect Access Control vulnerability was found in /smsa/add_class.php and /smsa/add_class_submit.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to add a new class entry.Show less
CVE-2024-41246 1Lopalopa 1Responsive School Management System Mar 27, 2025 Aug 7, 2024 N/A· v4 5.3 MEDIUM· v3 N/A· v2 An Incorrect Access Control vulnerability was found in /smsa/admin_dashboard.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view administrator dashboard.
CVE-2024-7553 1Mongodb 3C Driver MongodbPhp Driver Sep 19, 2024 Aug 7, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Incorrect validation of files loaded from a local untrusted directory may allow local privilege escalation if the underlying operating systems is Windows. This may result in the application executing arbitrary behaviour...Show more Incorrect validation of files loaded from a local untrusted directory may allow local privilege escalation if the underlying operating systems is Windows. This may result in the application executing arbitrary behaviour determined by the contents of untrusted files. This issue affects MongoDB Server v5.0 versions prior to 5.0.27, MongoDB Server v6.0 versions prior to 6.0.16, MongoDB Server v7.0 versions prior to 7.0.12, MongoDB Server v7.3 versions prior 7.3.3, MongoDB C Driver versions prior to 1.26.2 and MongoDB PHP Driver versions prior to 1.18.1. Required Configuration: Only environments with Windows as the underlying operating system is affected by this issueShow less
CVE-2024-7525 1Mozilla 3Firefox Firefox EsrThunderbird Aug 12, 2024 Aug 6, 2024 N/A· v4 8.1 HIGH· v3 N/A· v2 It was possible for a web extension with minimal permissions to create a `StreamFilter` which could be used to read and modify the response body of requests on any site. This vulnerability affects Firefox < 129, Firefox...Show more It was possible for a web extension with minimal permissions to create a `StreamFilter` which could be used to read and modify the response body of requests on any site. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.Show less
CVE-2024-40531 - - Mar 14, 2025 Aug 5, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 A mass assignment vulnerability exists in Pantera CRM versions 401.152 and 402.072. This flaw allows authenticated users to modify any user attribute, including roles, by injecting additional parameters via profile manag...Show more A mass assignment vulnerability exists in Pantera CRM versions 401.152 and 402.072. This flaw allows authenticated users to modify any user attribute, including roles, by injecting additional parameters via profile management functions.Show less
CVE-2024-33027 1Qualcomm 90205 Mobile Platform Firmware 215 Mobile Platform Firmware315 5g Iot Modem Firmware+87 more Nov 20, 2024 Aug 5, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Memory corruption can occur when arbitrary user-space app gains kernel level privilege to modify DDR memory by corrupting the GPU page table.
CVE-2024-41518 1Mecodia 1Feripro Sep 3, 2024 Aug 2, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 An Incorrect Access Control vulnerability in "/admin/programm/<program_id>/export/statistics" in Feripro <= v2.2.3 allows remote attackers to export an XLSX file with information about registrations and participants.
CVE-2024-41926 1Mattermost 1Mattermost Server Sep 4, 2024 Aug 1, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Mattermost versions 9.9.x <= 9.9.0 and 9.5.x <= 9.5.6 fail to validate the source of sync messages and only allow the correct remote IDs, which allows a malicious remote to set arbitrary RemoteId values for synced users...Show more Mattermost versions 9.9.x <= 9.9.0 and 9.5.x <= 9.5.6 fail to validate the source of sync messages and only allow the correct remote IDs, which allows a malicious remote to set arbitrary RemoteId values for synced users and therefore claim that a user was synced from another remote.Show less
CVE-2024-41162 1Mattermost 1Mattermost Server Sep 4, 2024 Aug 1, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5 and 9.8.x <= 9.8.1 fail to disallow the modification of local channels by a remote, when shared channels are enabled, which allows a malicious remote to...Show more Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5 and 9.8.x <= 9.8.1 fail to disallow the modification of local channels by a remote, when shared channels are enabled, which allows a malicious remote to make an arbitrary local channel read-only.Show less

Previous 1...116117118...255 Next