CWE-284
Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
5,270 vulnerabilities with CWE-284
CVE-2025-15426
HIGH
H-ui.admin <3.1 - Unrestricted Upload
CVSS 7.3
CVE-2025-15423
MEDIUM
EmpireCMS < 8.0 - Unrestricted File Upload via CheckSaveTranFiletype Function
CVSS 6.3
CVE-2025-15415
MEDIUM
wangmarket < 6.4 - Unrestricted File Upload via XML File Handler
CVSS 4.7
CVE-2025-15404
MEDIUM
campcodes School File Management System 1.0 - Unrestricted File Upload via File Parameter in save_file.php
CVSS 6.3
CVE-2025-15360
MEDIUM
newbee-mall-plus 2.0.0 - Unrestricted File Upload via Product Information Edit Page
CVSS 4.7
CVE-2025-69257
MEDIUM
theshit < 0.1.1 - Privilege Escalation via Untrusted Configuration File Execution
CVSS 6.7
CVE-2025-15262
MEDIUM
BiggiDroid Simple PHP CMS 1.0 - Unrestricted File Upload via Site Logo Handler
CVSS 4.7
CVE-2025-15199
MEDIUM
College Notes Uploading System 1.0 - Unrestricted File Upload via User Profile Image Parameter
CVSS 6.3
CVE-2025-15197
MEDIUM
News-Buzz 1.0 - Unrestricted File Upload via Image Argument in Edit Posts
CVSS 4.7
CVE-2025-15152
MEDIUM
h-moses moga-mall <392d631a5ef15962a9bddeeb9f1269b9085473fa - Unres...
CVSS 6.3
CVE-2025-15141
LOW
Halo < 2.21.10 - Information Disclosure in Configuration Handler
CVSS 3.1
CVE-2025-15121
LOW
JeecgBoot < 3.9.0 - Information Disclosure via getDeptRoleByUserId departId Parameter
CVSS 2.4
CVE-2025-15110
MEDIUM
jackq XCMS - Unrestricted File Upload in ProductImageController
CVSS 4.7
CVE-2025-15109
HIGH
jackq XCMS - Unrestricted File Upload
CVSS 7.3
CVE-2025-67015
HIGH
Comtech CDM-625 and CDM-625A Firmware v2.5.1 - Privilege Escalation via Admin Password Change
CVSS 7.5
CVE-2025-67014
HIGH
DEV Systemtechnik GmbH DEV 7113 RF over Fiber Distribution System 32-0078 H.01 - Unauthenticated Improper Access Control
CVSS 7.5
CVE-2025-15086
MEDIUM
youlai-mall 1.0.0/2.0.0 - Incorrect Privilege Assignment in MemberController
CVSS 4.3
CVE-2025-15084
LOW
youlai-mall 1.0.0/2.0.0 - Incorrect Privilege Assignment in Order Payment Handler
CVSS 3.1
CVE-2025-15082
MEDIUM
TOZED ZLT M30s <= 1.47 - Information Disclosure via goformId Parameter
CVSS 5.3
CVE-2025-15050
MEDIUM
Student File Management System 1.0 - Unrestricted File Upload via File Parameter in /save_file.php
CVSS 6.3
CVE-2025-66736
HIGH
youlai-boot V2.21.1 - Improper Access Control in SysUserController ImportUsers Function
CVSS 7.1
CVE-2025-66735
HIGH
youlai-boot 2.21.1 - Privilege Escalation
CVSS 7.5
CVE-2025-63664
HIGH
GT Edge AI Platform <2.0.10-dev - Info Disclosure
CVSS 7.5
CVE-2025-63663
HIGH
GT Edge AI Platform <v2.0.10 - Info Disclosure
CVSS 7.5
CVE-2025-15009
MEDIUM
ChestnutCMS < 1.5.8 - Unrestricted File Upload via Filename Handler
CVSS 6.3