Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

CVEs (5,090)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-22250 1Adobe 2Commerce Magento Open Source Nov 21, 2024 Mar 27, 2023 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerabi...Show more Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to impact the availability of a user's minor feature. Exploitation of this issue does not require user interaction.Show less
CVE-2023-1647 1Cal 1Cal.com Nov 21, 2024 Mar 27, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Improper Access Control in GitHub repository calcom/cal.com prior to 2.7.
CVE-2023-28443 1Monospace 1Directus Nov 21, 2024 Mar 24, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 9.23.3, the `directus_refresh_token` is not redacted properly from the log outputs and can be used to impersonate users wi...Show more Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 9.23.3, the `directus_refresh_token` is not redacted properly from the log outputs and can be used to impersonate users without their permission. This issue is patched in version 9.23.3.Show less
CVE-2023-26360 1Adobe 1Coldfusion Oct 23, 2025 Mar 23, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current...Show more Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction.Show less
CVE-2023-20065 1Cisco 1Ios Xe Nov 21, 2024 Mar 23, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 A vulnerability in the Cisco IOx application hosting subsystem of Cisco IOS XE Software could allow an authenticated, local attacker to elevate privileges to root on an affected device. This vulnerability is due to i...Show more A vulnerability in the Cisco IOx application hosting subsystem of Cisco IOS XE Software could allow an authenticated, local attacker to elevate privileges to root on an affected device. This vulnerability is due to insufficient restrictions on the hosted application. An attacker could exploit this vulnerability by logging in to and then escaping the Cisco IOx application container. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with root privileges.Show less
CVE-2023-1557 1E Commerce System Project 1E Commerce System Nov 21, 2024 Mar 22, 2023 N/A· v4 9.8 CRITICAL· v3 6.5 MEDIUM· v2 A vulnerability was found in SourceCodester E-Commerce System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /ecommerce/admin/user/controller.php?action=edit of the c...Show more A vulnerability was found in SourceCodester E-Commerce System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /ecommerce/admin/user/controller.php?action=edit of the component Username Handler. The manipulation of the argument USERID leads to improper access controls. The attack may be launched remotely. VDB-223550 is the identifier assigned to this vulnerability.Show less
CVE-2023-25595 1Arubanetworks 1Clearpass Policy Manager Feb 27, 2025 Mar 22, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 A vulnerability exists in the ClearPass OnGuard Ubuntu agent that allows for an attacker with local Ubuntu instance access to potentially obtain sensitive information. Successful Exploitation of this vulnerability allow...Show more A vulnerability exists in the ClearPass OnGuard Ubuntu agent that allows for an attacker with local Ubuntu instance access to potentially obtain sensitive information. Successful Exploitation of this vulnerability allows an attacker to retrieve information that is of a sensitive nature to the ClearPass/OnGuard environment.Show less
CVE-2023-27578 1Galaxyproject 1Galaxy Nov 21, 2024 Mar 20, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Galaxy is an open-source platform for data analysis. All supported versions of Galaxy are affected prior to 22.01, 22.05, and 23.0 are affected by an insufficient permission check. Unsupported versions are likely affecte...Show more Galaxy is an open-source platform for data analysis. All supported versions of Galaxy are affected prior to 22.01, 22.05, and 23.0 are affected by an insufficient permission check. Unsupported versions are likely affected as far back as the functionality of Visualizations/Pages exists. Due to this issue, an attacker can modify or delete any Galaxy Visualization or Galaxy Page given they know the encoded ID of it. Additionally, they can copy or import any Galaxy Visualization given they know the encoded ID of it. Patches are available for versions 22.01, 22.05, and 23.0. For the changes to take effect, you must restart all Galaxy server processes. There are no supported workarounds.Show less
CVE-2023-1491 1Maxpcsecure 1Anti Virus Plus Nov 21, 2024 Mar 18, 2023 N/A· v4 5.5 MEDIUM· v3 3.2 LOW· v2 A vulnerability was found in Max Secure Anti Virus Plus 19.0.2.1. It has been classified as critical. This affects the function 0x220020 in the library MaxCryptMon.sys of the component IoControlCode Handler. The manipula...Show more A vulnerability was found in Max Secure Anti Virus Plus 19.0.2.1. It has been classified as critical. This affects the function 0x220020 in the library MaxCryptMon.sys of the component IoControlCode Handler. The manipulation leads to improper access controls. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier VDB-223377 was assigned to this vulnerability.Show less
CVE-2023-1490 1Maxpcsecure 1Anti Virus Plus Nov 21, 2024 Mar 18, 2023 N/A· v4 5.5 MEDIUM· v3 3.2 LOW· v2 A vulnerability was found in Max Secure Anti Virus Plus 19.0.2.1 and classified as critical. Affected by this issue is the function 0x220020 in the library SDActMon.sys of the component IoControlCode Handler. The manipul...Show more A vulnerability was found in Max Secure Anti Virus Plus 19.0.2.1 and classified as critical. Affected by this issue is the function 0x220020 in the library SDActMon.sys of the component IoControlCode Handler. The manipulation leads to improper access controls. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223376.Show less
CVE-2023-1489 1Wisecleaner 1Wise System Monitor Nov 21, 2024 Mar 18, 2023 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 A vulnerability has been found in Lespeed WiseCleaner Wise System Monitor 1.5.3.54 and classified as critical. Affected by this vulnerability is the function 0x9C402088 in the library WiseHDInfo64.dll of the component Io...Show more A vulnerability has been found in Lespeed WiseCleaner Wise System Monitor 1.5.3.54 and classified as critical. Affected by this vulnerability is the function 0x9C402088 in the library WiseHDInfo64.dll of the component IoControlCode Handler. The manipulation leads to improper access controls. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223375.Show less
CVE-2023-1486 1Wisecleaner 1Wise Force Deleter Nov 21, 2024 Mar 18, 2023 N/A· v4 7.1 HIGH· v3 3.2 LOW· v2 A vulnerability classified as problematic was found in Lespeed WiseCleaner Wise Force Deleter 1.5.3.54. This vulnerability affects the function 0x220004 in the library WiseUnlock64.sys of the component IoControlCode Hand...Show more A vulnerability classified as problematic was found in Lespeed WiseCleaner Wise Force Deleter 1.5.3.54. This vulnerability affects the function 0x220004 in the library WiseUnlock64.sys of the component IoControlCode Handler. The manipulation leads to improper access controls. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223372.Show less
CVE-2023-1453 1Watchdog 1Anti Virus Nov 21, 2024 Mar 17, 2023 N/A· v4 7.1 HIGH· v3 3.2 LOW· v2 A vulnerability was found in Watchdog Anti-Virus 1.4.214.0. It has been rated as critical. Affected by this issue is the function 0x80002008 in the library wsdk-driver.sys of the component IoControlCode Handler. The mani...Show more A vulnerability was found in Watchdog Anti-Virus 1.4.214.0. It has been rated as critical. Affected by this issue is the function 0x80002008 in the library wsdk-driver.sys of the component IoControlCode Handler. The manipulation leads to improper access controls. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. VDB-223298 is the identifier assigned to this vulnerability.Show less
CVE-2023-28531 2Netapp Openbsd 4Brocade Fabric Operating System Hci Bootstrap OsOpenssh+1 more May 28, 2026 Mar 17, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9.
CVE-2023-21465 1Samsung 1Bixbytouch Nov 21, 2024 Mar 16, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Improper access control vulnerability in BixbyTouch prior to version 3.2.02.5 in China models allows untrusted applications access local files.
CVE-2023-21463 1Samsung 1Myfiles Nov 21, 2024 Mar 16, 2023 N/A· v4 3.3 LOW· v3 N/A· v2 Improper access control vulnerability in MyFiles application prior to versions 12.2.09.0 in Android 11, 13.1.03.501 in Android 12 and 14.1.03.0 in Android 13 allows local attacker to get sensitive information of secret m...Show more Improper access control vulnerability in MyFiles application prior to versions 12.2.09.0 in Android 11, 13.1.03.501 in Android 12 and 14.1.03.0 in Android 13 allows local attacker to get sensitive information of secret mode in Samsung Internet application with specific conditions.Show less
CVE-2023-21457 1Samsung 1Android Nov 21, 2024 Mar 16, 2023 N/A· v4 8.1 HIGH· v3 N/A· v2 Improper access control vulnerability in Bluetooth prior to SMR Mar-2023 Release 1 allows attackers to send file via Bluetooth without related permission.
CVE-2023-0811 1Omron 128Sysmac Cj2h Cpu64 Eip Firmware Sysmac Cj2h Cpu64 FirmwareSysmac Cj2h Cpu65 Eip Firmware+125 more Nov 21, 2024 Mar 16, 2023 N/A· v4 9.1 CRITICAL· v3 N/A· v2 Omron CJ1M unit v4.0 and prior has improper access controls on the memory region where the UM password is stored. If an adversary issues a PROGRAM AREA WRITE command to a specific memory region, they could overwrite the...Show more Omron CJ1M unit v4.0 and prior has improper access controls on the memory region where the UM password is stored. If an adversary issues a PROGRAM AREA WRITE command to a specific memory region, they could overwrite the password. This may lead to disabling UM protections or setting a non-ASCII password (non-keyboard characters) and preventing an engineer from viewing or modifying the user program. Show less
CVE-2023-27875 1Ibm 1Aspera Faspex Feb 26, 2025 Mar 16, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 IBM Aspera Faspex 5.0.4 could allow a user to change other user's credentials due to improper access controls. IBM X-Force ID: 249847.
CVE-2023-1432 2Online Food Ordering System Project Oretnom23 2Online Food Ordering System Online Food Ordering System Mar 30, 2026 Mar 16, 2023 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A vulnerability was found in SourceCodester Online Food Ordering System 2.0 and classified as critical. Affected by this issue is some unknown functionality of the file /fos/admin/ajax.php?action=save_settings of the com...Show more A vulnerability was found in SourceCodester Online Food Ordering System 2.0 and classified as critical. Affected by this issue is some unknown functionality of the file /fos/admin/ajax.php?action=save_settings of the component POST Request Handler. The manipulation leads to improper access controls. The attack may be launched remotely. VDB-223214 is the identifier assigned to this vulnerability.Show less

Previous 1...160161162...255 Next