CWE-284
Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
5,292 vulnerabilities with CWE-284
CVE-2025-53003
HIGH
jans-config-api-server < 1.8.0 - Unauthenticated Exposure of Sensitive Information via Missing Scope Verification
CVE-2025-6900
MEDIUM
code-projects Library System 1.0 - Unrestricted File Upload via Image Parameter in /add-book.php
CVSS 6.3
CVE-2025-46014
HIGH
Honor PC Manager < 16.0.0.118 - Privilege Escalation via iMateBookAssistant Named Pipe
CVSS 8.8
CVE-2025-6873
MEDIUM
SourceCodester Simple Company Website 1.0 - Unrestricted File Upload in Users.php
CVSS 4.7
CVE-2025-6872
MEDIUM
SourceCodester Simple Company Website 1.0 - Unrestricted File Upload via SystemSettings.php img Argument
CVSS 4.7
CVE-2025-6870
MEDIUM
Simple Company Website 1.0 - Unrestricted File Upload via Content.php img Argument
CVSS 4.7
CVE-2025-6848
MEDIUM
Simple Forum 1.0 - Unrestricted Upload
CVSS 6.3
CVE-2025-6843
HIGH
Simple Photo Gallery 1.0 - Unrestricted Upload
CVSS 7.3
CVE-2025-6837
MEDIUM
code-projects Library System 1.0 - Unrestricted Upload
CVSS 6.3
CVE-2025-45729
MEDIUM
D-Link DIR-823-Pro 1.02 - Unauthenticated Telnet Access via Improper Permission Control
CVSS 6.3
CVE-2025-49603
CRITICAL
Northern.tech Mender Server <4.0.1 - Privilege Escalation
CVSS 9.1
CVE-2025-6667
MEDIUM
Car Rental System 1.0 - Unrestricted File Upload via Image Parameter in add_cars.php
CVSS 6.3
CVE-2025-6443
HIGH
Mikrotik RouterOS < 7.20 - Unauthenticated Improper Access Control via VXLAN Source IP Handling
CVSS 7.2
CVE-2025-6532
MEDIUM
NOYAFA/Xiami LF9 Pro <20250611 - Info Disclosure
CVSS 4.3
CVE-2025-6531
MEDIUM
SIFUSM/MZZYG BD S1 <20250611 - Info Disclosure
CVSS 4.3
CVE-2025-6527
LOW
70mai M300 <20250611 - Improper Access Controls
CVSS 3.1
CVE-2025-6466
MEDIUM
ageerle ruoyi-ai < 2.0.1 - Unrestricted File Upload via SseServiceImpl Speech-to-Text Upload
CVSS 6.3
CVE-2025-6422
MEDIUM
Campcodes Online Recruitment Management System 1.0 - Unrestricted File Upload via About Content Page img Argument
CVSS 6.3
CVE-2025-6266
MEDIUM
Teledyne FLIR AX8 <1.46 - Unrestricted Upload
CVSS 6.3
CVE-2025-31698
HIGH
Apache Traffic Server <9.2.10, <10.0.6 - Info Disclosure
CVSS 7.5
CVE-2025-49591
CRITICAL
CryptPad < 2025.3.0 - Two-Factor Authentication Bypass via URL-Encoded Path Parameter
CVSS 9.1
CVE-2025-49154
HIGH
Trend Micro Apex One and Worry-Free Business Security - Local Privilege Escalation via Memory-Mapped File Overwrite
CVSS 8.7
CVE-2025-6161
HIGH
Simple Food Ordering System 1.0 - Unrestricted File Upload via editproduct.php Photo Parameter
CVSS 7.3
CVE-2025-27689
HIGH
Dell iDRAC Tools < 11.3.0.0 - Authenticated Privilege Escalation
CVSS 7.8
CVE-2025-46889
MEDIUM
Adobe Experience Manager <6.5.22 - Privilege Escalation
CVSS 5.4