Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

CVEs (5,090)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-36080 - - Nov 21, 2024 May 19, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Westermo EDW-100 devices through 2024-05-03 have a hidden root user account with a hardcoded password that cannot be changed. NOTE: this is a serial-to-Ethernet converter that should not be placed at the edge of the netw...Show more Westermo EDW-100 devices through 2024-05-03 have a hidden root user account with a hardcoded password that cannot be changed. NOTE: this is a serial-to-Ethernet converter that should not be placed at the edge of the network.Show less
CVE-2024-21828 - - Nov 21, 2024 May 16, 2024 N/A· v4 6.7 MEDIUM· v3 N/A· v2 Improper access control in some Intel(R) Ethernet Controller Administrative Tools software before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-47859 - - Nov 21, 2024 May 16, 2024 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Improper access control for some Intel(R) Wireless Bluetooth products for Windows before version 23.20 may allow an authenticated user to potentially enable denial of service via local access.
CVE-2023-45217 1Intel 1Power Gadget Aug 28, 2025 May 16, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Improper access control in Intel(R) Power Gadget software for Windows all versions may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-43748 1Intel 1Graphics Performance Analyzers Framework Jan 23, 2025 May 16, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Improper access control in some Intel(R) GPA Framework software installers before version 2023.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-43487 - - Nov 21, 2024 May 16, 2024 N/A· v4 4.7 MEDIUM· v3 N/A· v2 Improper access control in some Intel(R) CST before version 2.1.10300 may allow an authenticated user to potentially enable denial of service via local access.
CVE-2023-40071 1Intel 1Graphics Performance Analyzers Jan 23, 2025 May 16, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Improper access control in some Intel(R) GPA software installers before version 2023.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-40070 1Intel 1Power Gadget Sep 2, 2025 May 16, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Improper access control in some Intel(R) Power Gadget software for macOS all versions may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-39433 - - Nov 21, 2024 May 16, 2024 N/A· v4 4.4 MEDIUM· v3 N/A· v2 Improper access control for some Intel(R) CST software before version 2.1.10300 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2022-37410 - - Nov 21, 2024 May 16, 2024 N/A· v4 7.0 HIGH· v3 N/A· v2 Improper access control for some Intel(R) Thunderbolt driver software before version 89 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2022-37341 1Intel 4Ethernet Adapter Complete Driver Ethernet Controller I225 It FirmwareEthernet Controller I225 Lm Firmware+1 more Jan 7, 2026 May 16, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Improper access control in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2024-4263 1Lfprojects 1Mlflow Feb 3, 2025 May 16, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 A broken access control vulnerability exists in mlflow/mlflow versions before 2.10.1, where low privilege users with only EDIT permissions on an experiment can delete any artifacts. This issue arises due to the lack of p...Show more A broken access control vulnerability exists in mlflow/mlflow versions before 2.10.1, where low privilege users with only EDIT permissions on an experiment can delete any artifacts. This issue arises due to the lack of proper validation for DELETE requests by users with EDIT permissions, allowing them to perform unauthorized deletions of artifacts. The vulnerability specifically affects the handling of artifact deletions within the application, as demonstrated by the ability of a low privilege user to delete a directory inside an artifact using a DELETE request, despite the official documentation stating that users with EDIT permission can only read and update artifacts, not delete them.Show less
CVE-2024-28087 - - Nov 21, 2024 May 15, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 In Bonitasoft runtime Community edition, the lack of dynamic permissions causes IDOR vulnerability. Dynamic permissions existed only in Subscription edition and have now been restored in Community edition, where they are...Show more In Bonitasoft runtime Community edition, the lack of dynamic permissions causes IDOR vulnerability. Dynamic permissions existed only in Subscription edition and have now been restored in Community edition, where they are not custmizable.Show less
CVE-2024-34099 1Adobe 4Acrobat Acrobat DcAcrobat Reader+1 more Dec 2, 2024 May 15, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of th...Show more Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2024-0437 - - Apr 8, 2026 May 15, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The Password Protected – Ultimate Plugin to Password Protect Your WordPress Content with Ease plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.6 via the API....Show more The Password Protected – Ultimate Plugin to Password Protect Your WordPress Content with Ease plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.6 via the API. This makes it possible for authenticated attackers, with subscriber access or higher, to extract post titles and content, thus bypassing the plugin's password protection.Show less
CVE-2024-30059 1Microsoft 1Intune Mobile Application Management Jan 8, 2025 May 14, 2024 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Microsoft Intune for Android Mobile Application Management Tampering Vulnerability
CVE-2024-33647 - - Aug 27, 2025 May 14, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 A vulnerability has been identified in Polarion ALM (All versions < V2404.0). The Apache Lucene based query engine in the affected application lacks proper access controls. This could allow an authenticated user to query...Show more A vulnerability has been identified in Polarion ALM (All versions < V2404.0). The Apache Lucene based query engine in the affected application lacks proper access controls. This could allow an authenticated user to query items beyond the user's allowed projects.Show less
CVE-2024-2749 1Vikwp 1Vikbooking Hotel Booking Engine & Pms May 5, 2025 May 14, 2024 N/A· v4 5.9 MEDIUM· v3 N/A· v2 The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.6.8's access control mechanism fails to properly restrict access to its settings, permitting any users that can access a menu to manipulate requests and...Show more The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.6.8's access control mechanism fails to properly restrict access to its settings, permitting any users that can access a menu to manipulate requests and perform unauthorized actions such as editing, renaming or deleting (categories for example) despite initial settings prohibiting such access. This vulnerability resembles broken access control, enabling unauthorized users to modify critical VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.6.8 configurations.Show less
CVE-2024-27841 1Apple 3Ipados Iphone OsMacos Apr 2, 2026 May 14, 2024 N/A· v4 5.5 MEDIUM· v3 N/A· v2 The issue was addressed with improved memory handling. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5. An app may be able to disclose kernel memory.
CVE-2024-27803 1Apple 2Ipados Iphone Os Apr 2, 2026 May 14, 2024 N/A· v4 2.4 LOW· v3 N/A· v2 A permissions issue was addressed with improved validation. This issue is fixed in iOS 17.5 and iPadOS 17.5. An attacker with physical access may be able to share items from the lock screen.

Previous 1...124125126...255 Next