CWE-284
Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
5,289 vulnerabilities with CWE-284
CVE-2025-9139
MEDIUM
Scada-LTS 2.7.8.1 - Info Disclosure
CVSS 4.3
CVE-2025-32992
HIGH
Thermo Fisher Scientific ePort <3.0.0 - Privilege Escalation
CVSS 8.5
CVE-2025-4962
HIGH
lunary-ai/lunary < 1.9.23 - Authenticated Insecure Direct Object Reference via ProjectId Parameter
CVSS 7.7
CVE-2025-9099
MEDIUM
Acrel Environmental Monitoring Cloud Platform <20250804 - Unrestri...
CVSS 6.3
CVE-2025-50861
MEDIUM
Lotus Cars Android app 1.2.8 - SSRF
CVSS 6.5
CVE-2025-20219
MEDIUM
Cisco Adaptive Security Appliance (ASA) Software - Unauthenticated Access Control Bypass via Loopback Interface
CVSS 5.3
CVE-2025-8965
MEDIUM
linlinjava litemall < 1.8.0 - Unrestricted File Upload via AdminStorageController
CVSS 6.3
CVE-2025-48861
MEDIUM
Bosch Rexroth ctrlX OS Setup Unauthenticated Sensitive Data Exposure via Task API
CVSS 5.3
CVE-2025-48860
HIGH
Bosch Rexroth ctrlX OS Setup 1.20.0-1.20.0, 2.6.0-2.6.0, 3.6.0-3.6.1 - Sensitive Data Exposure via Backup Archive
CVSS 8.0
CVE-2025-55196
HIGH
External Secrets Operator <0.19.2 - Info Disclosure
CVE-2025-8762
MEDIUM
INSTAR 2K+ & 4K <3.11.1 Build 1124 - Physical Access Control
CVSS 6.8
CVE-2025-53729
HIGH
Azure File Sync - Privilege Escalation
CVSS 7.8
CVE-2025-49707
HIGH
Azure Virtual Machines - Authenticated Spoofing via Improper Access Control
CVSS 7.9
CVE-2025-24999
HIGH
Microsoft SQL Server 2016-2022 Privilege Escalation via Improper Access Control
CVSS 8.8
CVE-2025-24840
MEDIUM
Intel(R) Tiber(TM) Edge Platform <24.11.1 - Privilege Escalation
CVSS 5.8
CVE-2025-24323
MEDIUM
Intel(R) PCIe Switch <MR4_1.0b1 - Privilege Escalation
CVSS 6.5
CVE-2025-24313
MEDIUM
Device Plugins for Kubernetes software maintained by Intel < 0.32.0 - Denial of Service via Improper Access Control
CVSS 4.4
CVE-2025-20099
MEDIUM
Intel(R) Rapid Storage Technology - Privilege Escalation
CVSS 6.7
CVE-2025-55012
HIGH
Zed < 0.197.3 Agent Panel - Permission Bypass Code Execution
CVE-2025-8859
MEDIUM
eblog_site 1.0 - Unrestricted File Upload in File Upload Module
CVSS 6.3
CVE-2025-8841
MEDIUM
microservices-platform < 6.0.0 - Unrestricted File Upload via FileController Upload Function
CVSS 6.3
CVE-2025-8798
HIGH
oitcode samarium <= 0.9.6 - Unrestricted File Upload in Create Product Page
CVSS 7.3
CVE-2025-8795
MEDIUM
LitmusChaos Litmus < 3.19.0 - Improper Access Control via ProjectID Parameter
CVSS 6.3
CVE-2025-8775
MEDIUM
Qiyuesuo Electronic Signature Platform <= 4.34 - Unrestricted File Upload via Scheduled Task Handler
CVSS 6.3
CVE-2025-8764
MEDIUM
linlinjava litemall < 1.8.0 - Unrestricted File Upload via /wx/storage/upload
CVSS 6.3