Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

CVEs (5,090)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-36404 1Microsoft 11Windows 10 1607 Windows 10 1809Windows 10 21h2+8 more Jan 1, 2025 Nov 14, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Windows Kernel Information Disclosure Vulnerability
CVE-2023-26205 1Fortinet 1Fortiadc Nov 21, 2024 Nov 14, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 An improper access control vulnerability [CWE-284] in FortiADC automation feature 7.1.0 through 7.1.2, 7.0 all versions, 6.2 all versions, 6.1 all versions may allow an authenticated low-privileged attacker to escalate t...Show more An improper access control vulnerability [CWE-284] in FortiADC automation feature 7.1.0 through 7.1.2, 7.0 all versions, 6.2 all versions, 6.1 all versions may allow an authenticated low-privileged attacker to escalate their privileges to super_admin via a specific crafted configuration of fabric automation CLI script.Show less
CVE-2023-46601 1Siemens 1Comos Nov 21, 2024 Nov 14, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 A vulnerability has been identified in COMOS (All versions). The affected application lacks proper access controls in making the SQLServer connection. This could allow an attacker to query the database directly to access...Show more A vulnerability has been identified in COMOS (All versions). The affected application lacks proper access controls in making the SQLServer connection. This could allow an attacker to query the database directly to access information that the user should not have access to.Show less
CVE-2023-43505 1Siemens 1Comos Nov 21, 2024 Nov 14, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 A vulnerability has been identified in COMOS (All versions). The affected application lacks proper access controls in SMB shares. This could allow an attacker to access files that the user should not have access to.
CVE-2023-43901 1Emsigner 1Emsigner Nov 21, 2024 Nov 14, 2023 N/A· v4 5.9 MEDIUM· v3 N/A· v2 Incorrect access control in the AdHoc User creation form of EMSigner v2.8.7 allows unauthenticated attackers to arbitrarily modify usernames and privileges by using the email address of a registered user.
CVE-2023-6073 1Volkswagen 1Id.3 Firmware Nov 21, 2024 Nov 10, 2023 N/A· v4 6.3 MEDIUM· v3 N/A· v2 Attacker can perform a Denial of Service attack to crash the ICAS 3 IVI ECU in a Volkswagen ID.3 (and other vehicles of the VW Group with the same hardware) and spoof volume setting commands to irreversibly turn on audio...Show more Attacker can perform a Denial of Service attack to crash the ICAS 3 IVI ECU in a Volkswagen ID.3 (and other vehicles of the VW Group with the same hardware) and spoof volume setting commands to irreversibly turn on audio volume to maximum via REST API calls. Show less
CVE-2023-5543 2Fedoraproject Moodle 3Extra Packages For Enterprise Linux FedoraMoodle Nov 21, 2024 Nov 9, 2023 N/A· v4 3.3 LOW· v3 N/A· v2 When duplicating a BigBlueButton activity, the original meeting ID was also duplicated instead of using a new ID for the new activity. This could provide unintended access to the original meeting.
CVE-2023-5549 2Fedoraproject Moodle 3Extra Packages For Enterprise Linux FedoraMoodle Nov 21, 2024 Nov 9, 2023 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Insufficient web service capability checks made it possible to move categories a user had permission to manage, to a parent category they did not have the capability to manage.
CVE-2023-5542 2Fedoraproject Moodle 3Extra Packages For Enterprise Linux FedoraMoodle Nov 21, 2024 Nov 9, 2023 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Students in "Only see own membership" groups could see other students in the group, which should be hidden.
CVE-2023-47110 1Prestashop 1Customer Reassurance Block Nov 21, 2024 Nov 9, 2023 N/A· v4 5.3 MEDIUM· v3 N/A· v2 blockreassurance adds an information block aimed at offering helpful information to reassure customers that their store is trustworthy. An ajax function in module blockreassurance allows modifying any value in the config...Show more blockreassurance adds an information block aimed at offering helpful information to reassure customers that their store is trustworthy. An ajax function in module blockreassurance allows modifying any value in the configuration table. This vulnerability has been patched in version 5.1.4.Show less
CVE-2023-46759 1Huawei 2Emui Harmonyos Nov 21, 2024 Nov 8, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Permission control vulnerability in the call module. Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2023-46755 1Huawei 2Emui Harmonyos Nov 21, 2024 Nov 8, 2023 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Vulnerability of input parameters being not strictly verified in the input. Successful exploitation of this vulnerability may cause the launcher to restart.
CVE-2023-46501 1Boltwire 1Boltwire Nov 21, 2024 Nov 7, 2023 N/A· v4 9.1 CRITICAL· v3 N/A· v2 An issue in BoltWire v.6.03 allows a remote attacker to obtain sensitive information via a crafted payload to the view and change admin password function.
CVE-2023-42542 1Samsung 1Push Service Mar 6, 2025 Nov 7, 2023 N/A· v4 3.3 LOW· v3 N/A· v2 Improper access control vulnerability in Samsung Push Service prior to 3.4.10 allows local attackers to get register ID to identify the device.
CVE-2023-42540 1Samsung 1Account Mar 6, 2025 Nov 7, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Improper access control vulnerability in Samsung Account prior to version 14.5.01.1 allows attackers to access sensitive information via implicit intent.
CVE-2023-5976 1Microweber 1Microweber Nov 21, 2024 Nov 7, 2023 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Improper Access Control in GitHub repository microweber/microweber prior to 2.0.
CVE-2018-25093 1Vaerys Dawn 1Discordsailv2 Nov 21, 2024 Nov 6, 2023 N/A· v4 9.8 CRITICAL· v3 5.2 MEDIUM· v2 A vulnerability was found in Vaerys-Dawn DiscordSailv2 up to 2.10.2. It has been rated as critical. Affected by this issue is some unknown functionality of the component Tag Handler. The manipulation leads to improper ac...Show more A vulnerability was found in Vaerys-Dawn DiscordSailv2 up to 2.10.2. It has been rated as critical. Affected by this issue is some unknown functionality of the component Tag Handler. The manipulation leads to improper access controls. Upgrading to version 2.10.3 is able to address this issue. The name of the patch is cc12e0be82a5d05d9f359ed8e56088f4f8b8eb69. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-244484.Show less
CVE-2018-25092 1Vaerys Dawn 1Discordsailv2 Nov 21, 2024 Nov 5, 2023 N/A· v4 9.8 CRITICAL· v3 5.2 MEDIUM· v2 A vulnerability was found in Vaerys-Dawn DiscordSailv2 up to 2.10.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Command Mention Handler. The manipulation...Show more A vulnerability was found in Vaerys-Dawn DiscordSailv2 up to 2.10.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Command Mention Handler. The manipulation leads to improper access controls. Upgrading to version 2.10.3 is able to address this issue. The patch is named cc12e0be82a5d05d9f359ed8e56088f4f8b8eb69. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-244483.Show less
CVE-2023-36620 1Nationaledtech 1Boomerang Nov 21, 2024 Nov 3, 2023 N/A· v4 4.6 MEDIUM· v3 N/A· v2 An issue was discovered in the Boomerang Parental Control application before 13.83 for Android. The app is missing the android:allowBackup="false" attribute in the manifest. This allows the user to backup the internal me...Show more An issue was discovered in the Boomerang Parental Control application before 13.83 for Android. The app is missing the android:allowBackup="false" attribute in the manifest. This allows the user to backup the internal memory of the app to a PC. This gives the user access to the API token that is used to authenticate requests to the API.Show less
CVE-2023-31020 1Nvidia 1Virtual Gpu Nov 21, 2024 Nov 2, 2023 N/A· v4 7.1 HIGH· v3 N/A· v2 NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause improper access control, which may lead to denial of service or data tampering.

Previous 1...146147148...255 Next