CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

5,290 vulnerabilities with CWE-284
CVE-2025-8379 MEDIUM
Campcodes Online Hotel Reservation System 1.0 - Unrestricted File Upload via /admin/edit_room.php photo Parameter
CVSS 4.7
CVE-2025-8344 MEDIUM
viglet shio < 0.3.8 - Unrestricted File Upload via ShStaticFileUpload Function
CVSS 6.3
CVE-2025-50777 HIGH
AZIOT 2MP Full HD Smart Wi-Fi CCTV Home Security Camera V1.00.02 - Incorrect Access Control
CVSS 7.8
CVE-2025-53113 LOW
GLPI 0.65-10.0.18 - Improper Access Control via External Links Feature
CVSS 2.7
CVE-2025-53112 MEDIUM
GLPI 9.1.0-10.0.18 - Unauthenticated Unauthorized Resource Removal
CVSS 4.3
CVE-2025-53111 MEDIUM
GLPI 0.80-10.0.18 - Unauthenticated Improper Access Control
CVSS 6.5
CVE-2025-43270 HIGH
macOS < 13.7.7, < 14.7.7, < 15.6 - Unauthorized Local Network Access via Sandbox Restriction Bypass
CVSS 8.8
CVE-2025-43241 MEDIUM
macOS <15.6-14.7.7 - Info Disclosure
CVSS 5.5
CVE-2025-43233 CRITICAL
macOS <15.6-13.7.7 - Info Disclosure
CVSS 9.8
CVE-2025-43232 CRITICAL
macOS < 13.7.7, < 14.7.7, < 15.6 - Privacy Preferences Bypass via Permissions Issue
CVSS 9.8
CVE-2025-43198 CRITICAL
macOS <15.6-14.7.7 - Info Disclosure
CVSS 9.8
CVE-2025-43194 CRITICAL
macOS < 13.7.7, < 14.7.7, < 15.6 - Unprotected File System Modification
CVSS 9.8
CVE-2025-43192 CRITICAL
macOS <15.6-14.7.7 - Info Disclosure
CVSS 9.8
CVE-2025-43184 CRITICAL
macOS < 13.7.7, < 14.7.7, < 15.4 - Improper Access Control via Shortcuts App Settings Bypass
CVSS 9.8
CVE-2025-30133 CRITICAL
IROAD Dashcam FX2 - Auth Bypass
CVSS 9.8
CVE-2025-27724 CRITICAL
meddream MedDream PACS Premium 7.3.3.840 - Privilege Escalation via Crafted PHP File Upload
CVSS 9.3
CVE-2025-8265 MEDIUM
299Ko CMS 2.0.0 - Unrestricted Upload
CVSS 4.7
CVE-2025-8256 MEDIUM
Online Ordering System 1.0 - Unrestricted File Upload via Image Parameter
CVSS 6.3
CVE-2025-8255 HIGH
code-projects Exam Form Submission 1.0 - Unrestricted File Upload via Image Parameter in Register.php
CVSS 7.3
CVE-2025-8226 MEDIUM
chancms < 3.1.3 - Information Disclosure via accessKey/secretKey Manipulation
CVSS 4.3
CVE-2025-8174 MEDIUM
code-projects Voting System 1.0 - Unrestricted File Upload via Photo Argument
CVSS 6.3
CVE-2025-8171 MEDIUM
code-projects Document Management System 1.0 - Unrestricted File Upload via /insert.php uploaded_file Parameter
CVSS 6.3
CVE-2025-43712 LOW
JHipster < 8.9.0 - Privilege Escalation via Authorities Parameter Manipulation
CVSS 2.9
CVE-2025-8128 MEDIUM
zhousg letao <7d8df0386a65228476290949e0413de48f7fbe98 - Unrestrict...
CVSS 6.3
CVE-2025-6741 HIGH
Devolutions Server <=2025.1.11.0, 2025.2.2.0-2025.2.4.0 - Unauthorized Entry Access via Secure Message Attachment
CVSS 7.7
Details
Vulnerabilities 5,290
Links
MITRE CWE Entry Search this CWE With Exploits