CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

5,289 vulnerabilities with CWE-284
CVE-2025-9847 MEDIUM
ScriptAndTools Real Estate Management System 1.0 - Unrestricted File Upload via register.php uimage Parameter
CVSS 6.3
CVE-2025-9843 MEDIUM
Das Parking Management System 6.2.0 - Information Disclosure via /Operator/FindAll
CVSS 5.3
CVE-2025-9842 MEDIUM
Das Parking Management System 6.2.0 - Information Disclosure via Operator/Search Endpoint
CVSS 5.3
CVE-2025-9841 MEDIUM
Mobile Shop Management System 1.0 - Unrestricted File Upload via ProductImage Argument in AddNewProduct.php
CVSS 6.3
CVE-2025-55373 MEDIUM
Beakon Application <5.4.3 - Privilege Escalation
CVSS 5.3
CVE-2025-54599 HIGH
Bevy Event Service < 2025-07-22 - Account Takeover via SSO Misconfiguration
CVSS 7.5
CVE-2025-9800 MEDIUM
sim < 0.3.40 - Unrestricted File Upload via HTML File Parser
CVSS 6.3
CVE-2025-9795 MEDIUM
tianti < 2.3 - Unrestricted File Upload via ajaxUploadFile Function
CVSS 6.3
CVE-2025-9775 HIGH
RemoteClinic < 2.0 - Unrestricted File Upload via /staff/edit-my-profile.php Image Parameter
CVSS 7.3
CVE-2025-9774 MEDIUM
RemoteClinic < 2.0 - Information Disclosure via Email Parameter in Edit Patient
CVSS 4.3
CVE-2025-9772 HIGH
RemoteClinic < 2.0 - Unrestricted File Upload via /staff/edit.php Image Parameter
CVSS 7.3
CVE-2025-39247 HIGH
HikCentral Professional - Privilege Escalation
CVSS 8.6
CVE-2025-57219 MEDIUM
Tenda AC10 v4.0 Firmware 16.03.10.09_multi_TDE01 - Unauthenticated Privilege Escalation via ate Debug Interface
CVSS 5.3
CVE-2025-57758 MEDIUM
Contao 5.0.0-5.3.37 - Improper Access Control in Back-End Table Access Voter
CVSS 4.3
CVE-2025-25734 MEDIUM
Kapsch RIS-9160 & RIS-9260 Firmware - Unauthenticated Arbitrary Code Execution via EFI Shell
CVSS 6.8
CVE-2025-9476 HIGH
SourceCodester HRIS 1.0 - Unrestricted Upload
CVSS 7.3
CVE-2025-9475 HIGH
SourceCodester HRIS 1.0 - Unrestricted Upload
CVSS 7.3
CVE-2025-9461 MEDIUM
diyhi bbs < 6.8 - Exposure of Sensitive Information via File Compression Handler
CVSS 4.3
CVE-2025-9415 MEDIUM
GreenCMS <2.3.0603 - Unrestricted Upload
CVSS 6.3
CVE-2025-29421 HIGH
PerfreeBlog 4.0.11 - Arbitrary File Read via getThemeFileContent Function
CVSS 7.5
CVE-2025-50900 CRITICAL
getrebuild/rebuild <4.0.4 - Info Disclosure
CVSS 9.8
CVE-2025-44178 MEDIUM
DASAN GPON ONU H660WM - Info Disclosure
CVSS 6.5
CVE-2025-29524 MEDIUM
DASAN GPON ONU H660WM H660WMR210825 - Info Disclosure
CVSS 6.5
CVE-2025-29520 MEDIUM
D-Link DSL-7740C Firmware DSL7740C.V6.TR069.20211230 - Authenticated Privilege Escalation via Maintenance Module
CVSS 5.3
CVE-2025-29515 CRITICAL
D-Link DSL-7740C Firmware - Improper Access Control via DELT_file.xgi Endpoint
CVSS 9.8