CWE-284
Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
5,300 vulnerabilities with CWE-284
CVE-2024-41332
MEDIUM
Computer Laboratory Management System 1.0 - Authenticated Privilege Escalation via Delete Category Function
CVSS 6.5
CVE-2024-40480
CRITICAL
Kashipara Online Exam System <1.0 - Info Disclosure
CVSS 9.8
CVE-2024-40475
HIGH
SourceCodester Best House Rental Management System v1.0 - Incorrect Access Control
CVSS 8.8
CVE-2024-29082
HIGH
Vonets Industrial WiFi Bridge Firmware < 3.3.23.6.9 - Unauthenticated Factory Reset via Unprotected Goform Endpoints
CVSS 8.6
CVE-2024-0104
MEDIUM
NVIDIA ONYX < 3.10.4402 - Improper Access Control in LDAP AAA Component
CVSS 4.2
CVE-2024-42354
MEDIUM
Shopware < 6.5.8.13 - Improper Access Control via ManyToMany Association Handling
CVSS 5.3
CVE-2024-42033
MEDIUM
Huawei EMUI and HarmonyOS - Improper Access Control in Security Verification Module
CVSS 6.9
CVE-2024-38202
HIGH
Windows Update - Privilege Escalation
CVSS 7.3
CVE-2024-21302
MEDIUM
Windows 10/11, Server 2016-2018 EoP via Virtualization-Based Security Rollback
CVSS 6.7
CVE-2024-41912
CRITICAL
HP Poly Clariti Manager < 10.12.0.2_100 - Improper Access Control
CVSS 9.8
CVE-2024-41250
MEDIUM
Kashipara Responsive School Management System v3.2.0 - Unauthenticated Access Control Bypass in /smsa/view_students.php
CVSS 5.3
CVE-2024-41245
MEDIUM
Kashipara Responsive School Management System 3.2.0 - Unauthenticated Incorrect Access Control in Teacher View Endpoint
CVSS 5.3
CVE-2024-41244
MEDIUM
Kashipara Responsive School Management System v3.2.0 - Unauthenticated Incorrect Access Control in /smsa/view_class.php
CVSS 5.3
CVE-2024-41243
MEDIUM
Kashipara Responsive School Management System 3.2.0 - Unauthenticated Incorrect Access Control in view_marks.php
CVSS 5.3
CVE-2024-41309
HIGH
Enjay CRM 1.0 - Privilege Escalation via Hardware Info Module
CVSS 7.8
CVE-2024-41308
HIGH
Enjay CRM 1.0 - Improper Access Control via Ping Feature
CVSS 7.8
CVE-2024-41252
MEDIUM
Kashipara Responsive School Management System v3.2.0 - Unauthenticated Access Control Bypass in Student Registration
CVSS 6.5
CVE-2024-41251
MEDIUM
Kashipara Responsive School Management System v3.2.0 - Unauthenticated Access Control Bypass in Teacher Registration
CVSS 6.5
CVE-2024-41249
MEDIUM
Kashipara Responsive School Management System v3.2.0 - Unauthenticated Access Control Bypass in /smsa/view_subject.php
CVSS 5.3
CVE-2024-41248
MEDIUM
Kashipara Responsive School Management System v3.2.0 - Unauthenticated Incorrect Access Control in Subject Addition
CVSS 5.3
CVE-2024-41247
MEDIUM
Kashipara Responsive School Management System v3.2.0 - Unauthenticated Incorrect Access Control in Class Addition
CVSS 5.3
CVE-2024-41246
MEDIUM
Kashipara Responsive School Management System v3.2.0 - Unauthenticated Incorrect Access Control in Admin Dashboard
CVSS 5.3
CVE-2024-7553
HIGH
MongoDB < 5.0.27 - Improper Access Control
CVSS 7.3
CVE-2024-7525
HIGH
Firefox < 129 and ESR < 115.14 - Improper Access Control via StreamFilter
CVSS 8.1
CVE-2024-40531
HIGH
Pantera CRM <402.072 - Privilege Escalation
CVSS 8.8