CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

5,300 vulnerabilities with CWE-284
CVE-2025-2218 MEDIUM
LoveCards 2.1.1-2.3.2 - Unauthenticated Improper Access Control in Setting Handler
CVSS 5.3
CVE-2025-2216 MEDIUM
zzskzy Warehouse Refinement Management System 1.3 - Unrestricted File Upload via SaveCrash.ashx
CVSS 6.3
CVE-2025-23243 MEDIUM
NVIDIA Riva < 2.19.0 - Improper Access Control
CVSS 6.5
CVE-2025-23242 HIGH
NVIDIA Riva < 2.19.0 - Improper Access Control
CVSS 7.3
CVE-2025-26645 HIGH
Windows 10/11, Server 2008 - RCE via Remote Desktop Client Path Traversal
CVSS 8.8
CVE-2025-24994 HIGH
Windows Cross Device Service - Privilege Escalation
CVSS 7.3
CVE-2025-24076 HIGH
Windows 11/Server 2022 Privilege Escalation via Cross Device Service
CVSS 7.3
CVE-2025-25614 HIGH
Unifiedtransform 2.0 - Privilege Escalation via Incorrect Access Control
CVSS 8.8
CVE-2025-25616 MEDIUM
Unifiedtransform 2.0 - Improper Access Control via Exam Rule Edit Endpoint
CVSS 4.3
CVE-2025-25615 LOW
Unifiedtransform 2.0 - Improper Access Control
CVSS 2.7
CVE-2025-2121 MEDIUM
Thinkware Car Dashcam F800 Pro <20250226 - Info Disclosure
CVSS 6.3
CVE-2025-2115 MEDIUM
zzskzy Warehouse Refinement Management System 3.1 - Unrestricted File Upload via AcceptZip.ashx ProcessRequest
CVSS 6.3
CVE-2025-25617 MEDIUM
Unifiedtransform 2.X - Privilege Escalation
CVSS 4.3
CVE-2025-2090 MEDIUM
PHPGurukul Pre-School Enrollment System 1.0 - Improper Access Control in Sub Admin Handler
CVSS 4.7
CVE-2025-2089 MEDIUM
starsea-mall 1.0/2.X - Improper Access Control via UserController updateUserInfo
CVSS 5.4
CVE-2025-25381 HIGH
KSRTC AWATAR <1.3.0 - Info Disclosure
CVSS 7.5
CVE-2025-2035 MEDIUM
s-a-zhd Ecommerce-Website-using-PHP 1.0 - Unrestricted File Upload in Customer Registration
CVSS 6.3
CVE-2025-2031 MEDIUM
ChestnutCMS <= 1.5.2 - Unrestricted File Upload via /dev-api/cms/file/upload
CVSS 6.3
CVE-2025-27649 CRITICAL
Vasion Print < 20.0.2140 and Virtual Appliance < 22.0.893 - Improper Access Control
CVSS 9.8
CVE-2025-27646 CRITICAL
Vasion Print < 20.0.2253 and Virtual Appliance < 22.0.913 - Unauthenticated Edit User Account Exposure
CVSS 9.8
CVE-2025-1260 CRITICAL
Arista EOS 4.28.0-4.33.0 Improper Access Control via gNOI
CVSS 9.1
CVE-2025-1259 HIGH
Arista EOS 4.28.0-4.28.11, 4.29.0-4.29.8, 4.30.0-4.30.7, 4.31.0-4.31.4, 4.32.0-4.32.2, 4.33.0 - Improper Access Control
CVSS 7.7
CVE-2025-1941 CRITICAL
Firefox < 136.0 - Improper Access Control via Focus Authentication Bypass
CVSS 9.1
CVE-2025-1890 MEDIUM
shishuocms 1.1 - Unrestricted Upload
CVSS 6.3
CVE-2025-1882 MEDIUM
i-Drive i11<i12 - Improper Access Control
CVSS 5.0