CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

5,300 vulnerabilities with CWE-284
CVE-2025-32726 MEDIUM
Visual Studio Code < 1.99.1 - Authenticated Privilege Escalation
CVSS 6.8
CVE-2025-23389 HIGH
Rancher 2.8.0-2.8.12, 2.9.0-2.9.6, 2.10.0-2.10.2 - Unauthenticated Identity Impersonation via SAML Authentication
CVSS 8.4
CVE-2025-27191 MEDIUM
Adobe Commerce <2.4.8-beta2 - Privilege Escalation
CVSS 5.3
CVE-2025-27190 MEDIUM
Adobe Commerce <2.4.8-beta2 - Privilege Escalation
CVSS 5.3
CVE-2025-30288 HIGH
ColdFusion <2023.12, 2021.18, 2025.0 - Privilege Escalation
CVSS 8.2
CVE-2025-30281 CRITICAL
ColdFusion <= 2025.0 - Authenticated Arbitrary Code Execution via Improper Access Control
CVSS 9.1
CVE-2025-29810 HIGH
Windows 10 1507-24H2 and Windows Server 2008 - Privilege Escalation via Active Directory Domain Services
CVSS 7.5
CVE-2025-29804 HIGH
Visual Studio 2022 17.8.0-17.8.19 - Authenticated Privilege Escalation
CVSS 7.3
CVE-2025-27744 HIGH
Microsoft Office - Privilege Escalation via Improper Access Control
CVSS 7.8
CVE-2025-27738 MEDIUM
Windows ReFS - Information Disclosure via Improper Access Control
CVSS 6.5
CVE-2025-26678 HIGH
Windows Defender Application Control - Improper Access Control
CVSS 8.4
CVE-2025-21197 MEDIUM
Windows NTFS - Authenticated Path Information Disclosure
CVSS 6.5
CVE-2025-3410 MEDIUM
aias 20250308 - Unrestricted File Upload in LocalStorageController
CVSS 6.3
CVE-2025-3398 MEDIUM
Lenve VBlog <1.0.0 - Improper Access Controls
CVSS 6.3
CVE-2025-28413 CRITICAL
RuoYi 4.8.0 - Privilege Escalation via SysDictTypeController
CVSS 9.8
CVE-2025-28412 CRITICAL
RuoYi 4.8.0 - Privilege Escalation via SysNoticeController EditSave Method
CVSS 9.8
CVE-2025-28411 CRITICAL
RuoYi 4.8.0 - Privilege Escalation via Tool Gen EditSave Method
CVSS 9.8
CVE-2025-28410 CRITICAL
RuoYi 4.8.0 - Privilege Escalation via cancelAuthUserAll Method
CVSS 9.8
CVE-2025-28409 HIGH
RuoYi 4.8.0 - Privilege Escalation via /add/{parentId} Endpoint
CVSS 8.8
CVE-2025-28408 CRITICAL
RuoYi 4.8.0 - Privilege Escalation via selectDeptTree Endpoint deptId Parameter
CVSS 9.8
CVE-2025-28407 HIGH
RuoYi 4.8.0 - Privilege Escalation via Unvalidated DictId Edit Endpoint
CVSS 8.8
CVE-2025-28406 CRITICAL
RuoYi 4.8.0 - Privilege Escalation via jobLogId Parameter
CVSS 9.8
CVE-2025-28405 CRITICAL
RuoYi 4.8.0 - Privilege Escalation via changeStatus Method
CVSS 9.8
CVE-2025-28403 HIGH
RuoYi 4.8.0 - Privilege Escalation via editSave Method
CVSS 7.2
CVE-2025-28402 CRITICAL
RuoYi 4.8.0 - Privilege Escalation via jobId Parameter
CVSS 9.8