Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

CVEs (5,090)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-39895 1Google 1Android Nov 21, 2024 Dec 8, 2022 N/A· v4 3.3 LOW· v3 N/A· v2 Improper access control vulnerability in ContactListUtils in Phone prior to SMR Dec-2022 Release 1 allows to access contact group information via implicit intent.
CVE-2022-39894 1Google 1Android Nov 21, 2024 Dec 8, 2022 N/A· v4 3.3 LOW· v3 N/A· v2 Improper access control vulnerability in ContactListStartActivityHelper in Phone prior to SMR Dec-2022 Release 1 allows to access sensitive information via implicit intent.
CVE-2022-37918 1Arubanetworks 1Airwave Apr 23, 2025 Dec 8, 2022 N/A· v4 8.1 HIGH· v3 N/A· v2 Vulnerabilities in the AirWave Management Platform web-based management interface exist which expose some URLs to a lack of proper access controls. These vulnerabilities could allow a remote attacker with limited privile...Show more Vulnerabilities in the AirWave Management Platform web-based management interface exist which expose some URLs to a lack of proper access controls. These vulnerabilities could allow a remote attacker with limited privileges to gain access to sensitive information and/or change network configurations with privileges at a higher effective level in Aruba AirWave Management Platform version(s): 8.2.15.0 and below. Show less
CVE-2022-37917 1Arubanetworks 1Airwave Apr 23, 2025 Dec 8, 2022 N/A· v4 8.1 HIGH· v3 N/A· v2 Vulnerabilities in the AirWave Management Platform web-based management interface exist which expose some URLs to a lack of proper access controls. These vulnerabilities could allow a remote attacker with limited privile...Show more Vulnerabilities in the AirWave Management Platform web-based management interface exist which expose some URLs to a lack of proper access controls. These vulnerabilities could allow a remote attacker with limited privileges to gain access to sensitive information and/or change network configurations with privileges at a higher effective level in Aruba AirWave Management Platform version(s): 8.2.15.0 and below. Show less
CVE-2022-37916 1Arubanetworks 1Airwave Apr 23, 2025 Dec 8, 2022 N/A· v4 8.1 HIGH· v3 N/A· v2 Vulnerabilities in the AirWave Management Platform web-based management interface exist which expose some URLs to a lack of proper access controls. These vulnerabilities could allow a remote attacker with limited privile...Show more Vulnerabilities in the AirWave Management Platform web-based management interface exist which expose some URLs to a lack of proper access controls. These vulnerabilities could allow a remote attacker with limited privileges to gain access to sensitive information and/or change network configurations with privileges at a higher effective level in Aruba AirWave Management Platform version(s): 8.2.15.0 and below. Show less
CVE-2022-35843 1Fortinet 2Fortios Fortiproxy Nov 21, 2024 Dec 6, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An authentication bypass by assumed-immutable data vulnerability [CWE-302] in the FortiOS SSH login component 7.2.0, 7.0.0 through 7.0.7, 6.4.0 through 6.4.9, 6.2 all versions, 6.0 all versions and FortiProxy SSH login...Show more An authentication bypass by assumed-immutable data vulnerability [CWE-302] in the FortiOS SSH login component 7.2.0, 7.0.0 through 7.0.7, 6.4.0 through 6.4.9, 6.2 all versions, 6.0 all versions and FortiProxy SSH login component 7.0.0 through 7.0.5, 2.0.0 through 2.0.10, 1.2.0 all versions may allow a remote and unauthenticated attacker to login into the device via sending specially crafted Access-Challenge response from the Radius server.Show less
CVE-2022-44212 1Gl Inet 1Goodcloud Apr 24, 2025 Dec 1, 2022 N/A· v4 5.9 MEDIUM· v3 N/A· v2 In GL.iNet Goodcloud 1.0, insecure design allows remote attacker to access devices' admin panel.
CVE-2022-44211 1Gl Inet 1Goodcloud Apr 24, 2025 Dec 1, 2022 N/A· v4 7.4 HIGH· v3 N/A· v2 In GL.iNet Goodcloud 1.1 Incorrect access control allows a remote attacker to access/change devices' settings.
CVE-2022-41970 1Nextcloud 1Nextcloud Server Nov 21, 2024 Dec 1, 2022 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Nextcloud Server is an open source personal cloud server. Prior to versions 24.0.7 and 25.0.1, disabled download shares still allow download through preview images. Images could be downloaded and previews of documents (f...Show more Nextcloud Server is an open source personal cloud server. Prior to versions 24.0.7 and 25.0.1, disabled download shares still allow download through preview images. Images could be downloaded and previews of documents (first page) can be downloaded without being watermarked. Versions 24.0.7 and 25.0.1 contain a fix for this issue. No known workarounds are available.Show less
CVE-2022-4229 1Book Store Management System Project 1Book Store Management System Nov 21, 2024 Nov 30, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A vulnerability classified as critical was found in SourceCodester Book Store Management System 1.0. This vulnerability affects unknown code of the file /bsms_ci/index.php. The manipulation leads to improper access contr...Show more A vulnerability classified as critical was found in SourceCodester Book Store Management System 1.0. This vulnerability affects unknown code of the file /bsms_ci/index.php. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214588.Show less
CVE-2022-44037 1Apsystems 1Ecu C Firmware Apr 25, 2025 Nov 29, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 An access control issue in APsystems ENERGY COMMUNICATION UNIT (ECU-C) Power Control Software V4.1NA, V3.11.4, W2.1NA, V4.1SAA, C1.2.2 allows attackers to access sensitive data and execute specific commands and functions...Show more An access control issue in APsystems ENERGY COMMUNICATION UNIT (ECU-C) Power Control Software V4.1NA, V3.11.4, W2.1NA, V4.1SAA, C1.2.2 allows attackers to access sensitive data and execute specific commands and functions with full admin rights without authenticating allows him to perform multiple attacks, such as attacking wireless network in the product's range.Show less
CVE-2022-45475 1Prasathmani 1Tiny File Manager Dec 31, 2025 Nov 25, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Tiny File Manager version 2.4.8 allows an unauthenticated remote attacker to access the application's internal files. This is possible because the application is vulnerable to broken access control.
CVE-2022-38377 1Fortinet 2Fortianalyzer Fortimanager Nov 21, 2024 Nov 25, 2022 N/A· v4 2.7 LOW· v3 N/A· v2 An improper access control vulnerability [CWE-284] in FortiManager 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.0 through 6.2.9, 6.0.0 through 6.0.11 and FortiAnalyzer 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6....Show more An improper access control vulnerability [CWE-284] in FortiManager 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.0 through 6.2.9, 6.0.0 through 6.0.11 and FortiAnalyzer 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, 6.0.0 through 6.0.12 may allow a remote and authenticated admin user assigned to a specific ADOM to access other ADOMs information such as device information and dashboard information.Show less
CVE-2022-39070 1Zte 2Zxa10 C300m Firmware Zxa10 C350m Firmware Apr 29, 2025 Nov 22, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 There is an access control vulnerability in some ZTE PON OLT products. Due to improper access control settings, remote attackers could use the vulnerability to log in to the device and execute any operation.
CVE-2022-4087 1Ipxe 1Ipxe Nov 21, 2024 Nov 21, 2022 N/A· v4 4.3 MEDIUM· v3 N/A· v2 A vulnerability was found in iPXE. It has been declared as problematic. This vulnerability affects the function tls_new_ciphertext of the file src/net/tls.c of the component TLS. The manipulation of the argument pad_len...Show more A vulnerability was found in iPXE. It has been declared as problematic. This vulnerability affects the function tls_new_ciphertext of the file src/net/tls.c of the component TLS. The manipulation of the argument pad_len leads to information exposure through discrepancy. The name of the patch is 186306d6199096b7a7c4b4574d4be8cdb8426729. It is recommended to apply a patch to fix this issue. VDB-214054 is the identifier assigned to this vulnerability.Show less
CVE-2022-41155 1Webence 1Iq Block Country Feb 20, 2025 Nov 19, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Block BYPASS vulnerability in iQ Block Country plugin <= 1.2.18 on WordPress.
CVE-2022-41135 1Wpchill 1Customizable Wordpress Gallery Plugin Modula Image Gallery Nov 21, 2024 Nov 18, 2022 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Unauth. Plugin Settings Change vulnerability in Modula plugin <= 2.6.9 on WordPress.
CVE-2022-40216 1Wordplus 1Better Messages Apr 28, 2026 Nov 18, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Auth. (subscriber+) Messaging Block Bypass vulnerability in Better Messages plugin <= 1.9.10.69 on WordPress.
CVE-2022-34827 1Carel 1Boss Mini Firmware Apr 29, 2025 Nov 18, 2022 N/A· v4 9.9 CRITICAL· v3 N/A· v2 Carel Boss Mini 1.5.0 has Improper Access Control.
CVE-2022-41652 1Expresstech 1Quiz And Survey Master Feb 20, 2025 Nov 18, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Bypass vulnerability in Quiz And Survey Master plugin <= 7.3.10 on WordPress.

Previous 1...169170171...255 Next