100 matches found
CVE-2026-5749
Inadequate access control in the registration process in Fullstep V5, which could allow unauthenticated users to obtain a valid JWT token with which to interact with authenticated API resources. Successful exploitation of this vulnerability could allow an unauthenticated attacker to compromise th...
PT-2026-25194
Missing Authorization vulnerability in raratheme Restaurant and Cafe restaurant-and-cafe allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Restaurant and Cafe: from n/a through = 1.2.5...
CVE-2026-28723
Unauthorized report deletion due to insufficient access control. The following products are affected: Acronis Cyber Protect 17 Linux, Windows before build 41186...
CVE-2026-22624
Due to inadequate access control, authenticated users of certain HIKSEMI NAS products can manipulate other users' file resources without proper authorization...
EUVD-2026-5036
Due to inadequate access control, authenticated users of certain HIKSEMI NAS products can manipulate other users' file resources without proper authorization...
PT-2026-5392
Due to inadequate access control, authenticated users of certain HIKSEMI NAS products can manipulate other users' file resources without proper authorization...
CVE-2025-41016
CVE-2025-41016 affects Davantis DFUSION v6.177.7. The vulnerability is an inadequate access control that lets unauthorised actors access alarm media via /alarms//, where MEDIA can be snapshot or video.mp4, exposing images/videos from triggered alerts. CVSSv4 base score 8.7 (HIGH) with NETWORK att...
Security vulnerability in multiple WSO2 products
WSO2 API Manager and others are products of WSO2, Inc. of the U.S. WSO2 API Manager is a suite of API lifecycle management solutions. WSO2 Identity Server (IS) is an identity server. WSO2 API Control Plane is a control panel. A security vulnerability exists in several WSO2 products that stems from an...
EUVD-2008-5575
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2024-1439
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inadequate access control in Moodle LMS. This vulnerability could allow a local user with a student role to create arbitrary events intended for users with high...
The vulnerability of the Adobe Experience Manager (AEM) content and media data management system, related to inadequate access control mechanisms, allows attackers to escalate their privileges.
The vulnerability of the Adobe Experience Manager (AEM) content and media data management system is related to lack of access control mechanisms. Exploiting this vulnerability could allow a malicious actor to enhance their privileges remotely...
CVE-2023-38292
Certain software builds for the TCL 20XE Android device contain a vulnerable, pre-installed app with a package name of com.tct.gcs.hiddenmenuproxy (versionCode='2', versionName='v11.0.1.0.0201.0') that allows local third-party apps to programmatically perform a factory reset due to inadequate acces...
CVE-2023-38293
Certain software builds for the Nokia C200 and Nokia C100 Android devices contain a vulnerable, pre-installed app with a package name of com.tracfone.tfstatus (versionCode='31', versionName='12') that allows local third-party apps to execute arbitrary AT commands in its context (radio user) via AT...
CVE-2019-7848
Adobe Campaign Classic version 18.10.5-8984 and earlier versions have an Inadequate access control vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user...
CVE-2002-2335
Killer Protection 1.0 stores the vars.inc include file under the web root with insufficient access control, which allows remote attackers to obtain user names and passwords and log in using protection.php...
CVE-2025-0637 Inadequate access control in Beta10
It has been found that the Beta10 software does not provide for proper authorisation control in multiple areas of the application. This deficiency could allow a malicious actor, without authentication, to access private areas and/or areas intended for other roles. The vulnerability has been...
CVE-2025-0637
CVE-2025-0637 describes an inadequate authorization control in Beta10, allowing unauthenticated actors to access private or restricted areas via the /app/tools.html endpoint. The issue is concrete: missing authorization checks in Beta10 software (no specifics on affected versions in the initial d...
PT-2025-1298 · Microsoft · Edge
Name of the Vulnerable Software and Affected Versions: Microsoft Edge (affected versions not specified). Description: The issue is related to inadequate access control in Microsoft Edge, allowing a remote attacker to potentially elevate their privileges. Recommendations: At the moment, there is no...
CVE-2024-45805
OpenCTI is an open-source cyber threat intelligence platform. Before 6.3.0, general users can access information that can only be accessed by users with access privileges to admin and support information (SETTINGS_SUPPORT). This is due to inadequate access control for support information...
CVE-2024-45805 OpenCTI leaks support information due to inadequate access control
OpenCTI is an open-source cyber threat intelligence platform. Before 6.3.0, general users can access information that can only be accessed by users with access privileges to admin and support information (SETTINGS_SUPPORT). This is due to inadequate access control for support information...