2752 matches found
H3C ER8300G2-X - Password Disclosure
H3C ER8300G2-X is vulnerable to Incorrect Access Control. The password for the router's management system can be accessed via the management system page login interface. id: CVE-2024-32238 info: name: H3C ER8300G2-X - Password Disclosure author: s4e-io,adeljck severity: critical description: | H3...
Astra Linux – Vulnerability in libde265
There is an incorrect access control vulnerability in libde265 v1.0.8 due to a SEGV in slice.cc...
Lexmark International (CVE-2019-9934)
Various Lexmark products have Incorrect Access Control issue 1 of 2. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid505493; scriptversion"1.2";...
Lexmark International (CVE-2019-10058)
Various Lexmark products have Incorrect Access Control. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid505497; scriptversion"1.2";...
EUVD-2026-36784
Incorrect access control in the webhook management component of Project Firefly III v6.5.9 allows attackers to scan internal resources via a crafted POST request...
EUVD-2026-36773
Incorrect access control in the /form/webhooks/webhook endpoint of Deck9 Input v2.0.1 allows authenticated attackers to arbitrarily modify or delete another tenant's webhook via a crafted request...
CVE-2026-50881
Incorrect access control in the impworks Bonsai v6.0 allows authenticated attackers with Editor privileges to escalate privileges to Administrator and execute unauthorized account, password, and configuration changes...
CVE-2025-66105
Missing Authorization vulnerability in Magepeople inc. Bus Ticket Booking with Seat Reservation allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Bus Ticket Booking with Seat Reservation: from n/a before 5.6.8...
CVE-2026-42776
Missing Authorization vulnerability in WP Sunshine Sunshine Photo Cart allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sunshine Photo Cart: from n/a through 3.6.7...
CVE-2026-35904
Incorrect access control in the web management interface of T3 Technology CPE models T625Pro v1.0.07, T6825G v1.0.03, and T7281 v1.0.03 allows unauthorized attackers to enable the Telnet service via sending a crafted request to a vulnerable CGI component...
CVE-2026-33552
Northern.tech Mender Enterprise Server before 4.1.1 has Incorrect Access Control...
CVE-2026-33552
Northern.tech Mender Enterprise Server before 4.1.1 has Incorrect Access Control...
CVE-2026-42753
Missing Authorization vulnerability in WC Lovers WCFM Membership wc-multivendor-membership allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WCFM Membership: from n/a through = 2.11.10...
CVE-2026-33552
Northern.tech Mender Enterprise Server before 4.1.1 has Incorrect Access Control...
CVE-2026-33552
Northern.tech Mender Enterprise Server before 4.1.1 has Incorrect Access Control...
CVE-2026-33552
Northern.tech Mender Enterprise Server before 4.1.1 has Incorrect Access Control...
PT-2026-44072
Name of the Vulnerable Software and Affected Versions Mender Enterprise Server versions prior to 4.1.1 Description Incorrect access control allows unauthorized users to perform actions they should not be permitted to execute. Recommendations Update to version 4.1.1 or later...
Astra Linux - уязвимость в libde265
A issue has been found in libde265 v1.0.8 due to incorrect access control. A segmentation fault has occurred as a result of a READ memory access in the deriveboundaryStrength function of deblock.cc. This vulnerability causes a segmentation fault and results in the crash of the application, leadin...
CVE-2023-24215
Incorrect access control in the /uci/get/ endpoint of NOVUS AirGate 4G firmware v1.1.16 allows unauthenticated attackers to obtain administrator credentials via a crafted POST request...
PT-2026-41704
Incorrect access control in the /uci/get/ endpoint of NOVUS AirGate 4G firmware v1.1.16 allows unauthenticated attackers to obtain administrator credentials via a crafted POST request...