20 matches found

OSV
added 2026/01/22 3:43 a.m., 2 views

CVE-2026-24039 Horilla's Improper Access Control Allows Employees to Auto-Approve Documents

Horilla is a free and open source Human Resource Management System (HRMS). Version 1.4.0 has Improper Access Control, allowing low-privileged employees to self-approve documents they have uploaded. The document-approval UI is intended to be restricted to administrator or high-privilege roles only;...

CVSS 4.3 | AI score 5.6 | EPSS 0.00013
Exploits: 1 | References: 4

RedhatCVE
added 2025/07/13 11:19 a.m., 13 views

CVE-2025-6788

A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that exposes TGML diagram resources to the wrong control sphere, providing other authenticated users with potentially inappropriate access to TGML diagrams...

CVSS 5.3 | AI score 6.3 | EPSS 0.00283
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 10:5 p.m., 4 views

CVE-2022-39945

An improper access control vulnerability (CWE-284) in FortiMail 7.2.0, 7.0.0 through 7.0.3, 6.4 all versions, 6.2 all versions, 6.0 all versions may allow an authenticated admin user assigned to a specific domain to access and modify other domains' information via insecure direct object references...

CVSS 6.5 | AI score 6.4 | EPSS 0.00187
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 6:24 p.m., 3 views

CVE-2021-24819

The Page/Post Content Shortcode WordPress plugin through 1.0 does not have proper authorisation in place, allowing users with a role as low as contributor to access draft/private/password protected/trashed posts/pages they should not be allowed to, including posts created by other users such as...

CVSS 4.3 | AI score 6.6 | EPSS 0.00186
Exploits: 2 | References: 1

RedhatCVE
added 2025/05/22 4:26 p.m., 6 views

CVE-2020-16247

Philips Clinical Collaboration Platform, Versions 12.2.1 and prior, exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource...

CVSS 7.1 | AI score 6.7 | EPSS 0.00044
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/21 6:10 p.m., 4 views

CVE-1999-0534

A Windows NT user has inappropriate rights or privileges, e.g. Act as System, Add Workstation, Backup, Change System Time, Create Pagefile, Create Permanent Object, Create Token Name, Debug, Generate Security Audit, Increase Priority, Increase Quota, Load Driver, Lock Memory, Profile Single...

CVSS 4.6 | AI score 7.1 | EPSS 0.00278
Exploits: 0 | References: 1

Openbugbounty
added 2024/01/22 10:7 p.m., 6 views

ingeteam.it Improper Access Control vulnerability OBB-3840871

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 7
Exploits: 0

Malwarebytes
added 2023/06/01 1:15 a.m., 12 views

Amazon's Ring cameras were used to spy on customers

Every single Amazon Ring employee was able to access every single customer video, even when it wasn't necessary for their jobs. Not only that, but the employees--along with workers from a third-party contractor in Ukraine--could also download any of those videos and then save and share them as th...

AI score 7
Exploits: 0

Prion
added 2020/10/27 9:15 p.m., 13 views

Code injection

An issue existed with Siri Suggestions access to encrypted data. The issue was fixed by limiting access to encrypted data. This issue is fixed in macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra. Encrypted data may be inappropriately accessed...

CVSS 5 | AI score 7.3 | EPSS 0.00151
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2020/09/11 1:13 p.m., 54 views

CVE-2020-16212

CVE-2020-16212 corresponds to Philips PICiX (Patient Information Center iX) with versions B.02, C.02, C.03. The issue exposes a resource to the wrong control sphere, enabling unintended access, and the surveillance-station kiosk mode creates a path for local breakout if an attacker has physical a...

CVSS 6.8 | AI score 6.7 | EPSS 0.00059
Exploits: 0 | References: 2 | Affected Software: 1

NVD
added 2020/07/23 9:15 p.m., 8 views

CVE-2020-7491

VERSION NOT SUPPORTED WHEN ASSIGNED: A legacy debug port account in TCMs installed in Tricon system versions 10.2.0 through 10.5.3 is visible on the network and could allow inappropriate access. This vulnerability was remediated in TCM version 10.5.4...

CVSS 7.5 | AI score 8 | EPSS 0.00201
Exploits: 0 | References: 2

Prion
added 2020/07/23 9:15 p.m., 15 views

Design/Logic Flaw

VERSION NOT SUPPORTED WHEN ASSIGNED: A legacy debug port account in TCMs installed in Tricon system versions 10.2.0 through 10.5.3 is visible on the network and could allow inappropriate access. This vulnerability was remediated in TCM version 10.5.4...

CVSS 5 | AI score 7.9 | EPSS 0.00201
Exploits: 0 | References: 2 | Affected Software: 7

Imperva Blog
added 2017/06/20 3:30 p.m., 16 views

Today’s File Security is So ’80s, Part 3: Dynamic Peer Groups – 3 Examples from Customer Data

In the first two parts of this series, we discussed why permissions management, the traditional approach to file security, no longer works and introduced a new approach to file security that leverages machine learning to build dynamic peer groups based on how users actually access files. In this...

AI score 6.4
Exploits: 0

Prion
added 2017/03/02 6:59 a.m., 17 views

Design/Logic Flaw

An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Unauthenticated CORBA interfaces permit inappropriate access...

CVSS 7.5 | AI score 9.2 | EPSS 0.00528
Exploits: 0 | References: 3 | Affected Software: 2

Cvelist
added 2017/03/02 6:0 a.m., 17 views

CVE-2017-6409

An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Unauthenticated CORBA interfaces permit inappropriate access...

AI score 9.5 | EPSS 0.00528
Exploits: 0 | References: 3

Cvelist
added 2006/02/10 11:0 a.m., 19 views

CVE-2005-4710

Unspecified vulnerability in multiple Autodesk and AutoCAD products and product families from 2006 and earlier allows remote attackers to "gain inappropriate access to another local user's computer," aka ID DL5549329...

AI score 6.6 | EPSS 0.00277
Exploits: 0 | References: 4

CVE
added 2006/02/10 11:0 a.m., 56 views

CVE-2005-4710

Technical details for CVE-2005-4710 are not publicly available in the provided documents. Monitor for updates from official sources; no specific affected products, vulnerable components, exploits, or fixes are disclosed here.

CVSS 4.6 | AI score 7 | EPSS 0.00277
Exploits: 0 | References: 4 | Affected Software: 18

NVD
added 2005/12/31 5:0 a.m., 14 views

CVE-2005-4710

Unspecified vulnerability in multiple Autodesk and AutoCAD products and product families from 2006 and earlier allows remote attackers to "gain inappropriate access to another local user's computer," aka ID DL5549329...

CVSS 4.6 | AI score 6.6 | EPSS 0.00277
Exploits: 0 | References: 4

CERT
added 2005/03/17 12:0 a.m., 21 views

NotifyLink administrative interface displays user passwords in clear text

Overview: The NotifyLink web interface grants administrative users inappropriate access to private user password information. Description: Notify Technology NotifyLink Enterprise Server allows users to synchronize e-mail between a PDA and a mail server. The application consists of a PDA-specific...

CVSS 5 | AI score 6.2 | EPSS 0.02004
Exploits: 0 | References: 3

Positive Technologies
added 1999/01/01 12:0 a.m., 1 views

PT-1999-1210 · Microsoft · Windows NT

Name of the Vulnerable Software and Affected Versions: Windows NT (affected versions not specified). Description: The issue concerns an event log in Windows NT that has inappropriate access permissions. Recommendations: At the moment, there is no information about a newer version that contains a fix...

CVSS 10 | AI score 6.2 | EPSS 0.00365
Exploits: 0 | References: 2