CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

5,300 vulnerabilities with CWE-284
CVE-2025-26611 CRITICAL
WeGIA < 3.2.13 - SQL Injection via remover_produto.php Endpoint
CVSS 9.8
CVE-2025-26609 CRITICAL
WeGIA < 3.2.13 - SQL Injection via familiar_docfamiliar.php Endpoint
CVSS 9.8
CVE-2025-26608 CRITICAL
WeGIA < 3.2.13 - SQL Injection via dependente_docdependente.php Endpoint
CVSS 9.8
CVE-2025-26607 CRITICAL
WeGIA < 3.2.13 - SQL Injection via documento_excluir.php Endpoint
CVSS 9.8
CVE-2025-26606 CRITICAL
WeGIA < 3.2.13 - SQL Injection via informacao_adicional.php Endpoint
CVSS 9.8
CVE-2025-1390 MEDIUM
PAM pam_cap.so - Privilege Escalation
CVSS 6.1
CVE-2025-1391 MEDIUM
Keycloak Services 26.1.0-26.1.2 - Improper Access Control via Organization Domain Pattern Matching
CVSS 5.4
CVE-2025-1355 HIGH
needyamin Library Card System 1.0 - Unrestricted File Upload in Add Picture Component
CVSS 7.3
CVE-2025-24435 MEDIUM
Adobe Commerce <=2.4.8-beta1 - Authenticated Privilege Escalation via Improper Access Control
CVSS 4.3
CVE-2025-24429 LOW
Adobe Commerce < 2.4.4 - Improper Access Control
CVSS 3.5
CVE-2025-24427 MEDIUM
Adobe Commerce < 2.4.4 - Improper Access Control
CVSS 6.5
CVE-2025-24426 MEDIUM
Adobe Commerce B2B - Improper Access Control
CVSS 6.5
CVE-2025-24424 MEDIUM
Adobe Commerce < 2.4.7-p4 - Improper Access Control
CVSS 6.5
CVE-2025-24423 MEDIUM
Adobe Commerce < 2.4.8-beta1 - Improper Access Control
CVSS 4.3
CVE-2025-24422 MEDIUM
Adobe Commerce 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 - Security Feature Bypass via Improper Access Control
CVSS 6.5
CVE-2025-24411 HIGH
Adobe Commerce < 2.4.4 - Security Feature Bypass via Improper Access Control
CVSS 8.1
CVE-2025-24042 HIGH
Visual Studio Code < 1.97.1 - Elevation of Privilege via JS Debug Extension
CVSS 7.3
CVE-2025-21359 HIGH
Windows Kernel - Security Feature Bypass via Improper Access Control
CVSS 7.8
CVE-2025-21337 LOW
Windows NTFS - Elevation of Privilege via Improper Access Control
CVSS 3.3
CVE-2025-24532 MEDIUM
SCALANCE WAB/WAM <V3.0.0 - Info Disclosure
CVSS 4.3
CVE-2025-1166 MEDIUM
SourceCodester Food Menu Manager 1.0 - Unrestricted File Upload in endpoint/update.php
CVSS 6.3
CVE-2025-1165 HIGH
Lumsoft ERP 8 - Unrestricted Upload
CVSS 7.3
CVE-2025-1115 LOW
RT-Thread < 5.1.0 - Information Disclosure via sys_* functions
CVSS 3.3
CVE-2025-24968 HIGH
yogeshojha/rengine <= 2.20 - Authenticated Project Deletion and Privilege Escalation
CVSS 8.8
CVE-2025-24885 HIGH
pwncollege/dojo - Stored Cross-Site Scripting via Custom Page Rendering
CVSS 7.6