CVE-2026-1267
IBM Planning Analytics Local 2.1.0 through 2.1.17 could allow unauthorized access to sensitive application data and administrative functionalities due to lack of proper access controls...
Vulnerability fixed in Oracle Identity Manager and Oracle Web Services Manager
Oracle has fixed a vulnerability in two components of Fusion Middleware, Oracle Identity Manager and Oracle Web Services Manager. The vulnerability comes from insufficient access controls within Oracle Identity Manager and Oracle Web Services Manager, allowing unauthenticated remote attackers to...
CVE-2026-24422
phpMyFAQ is an open source FAQ web application. In versions 4.0.16 and below, multiple public API endpoints improperly expose sensitive user information due to insufficient access controls. The OpenQuestionController::list endpoint calls Question::getAll with showAll=true by default, returning...
EUVD-2014-3867
Malware in sbrugna...
CVE-2020-15411
An issue was discovered in MISP 2.4.128. app/Controller/AttributesController.php has insufficient ACL checks in the attachment downloader...
Unauthorized Access
github.com/inspektor-gadget/inspektor-gadget is vulnerable to unauthorized access. The vulnerability is due to insufficient access controls: it relies on client access with valid TLS certificates or cluster access in daemon or Kubernetes modes, which allows an attacker to gain unauthorized access ...
CVE-2025-2298 Authenticated API Endpoint Allows Arbitrary File Deletion in Dremio Software
An improper authorization vulnerability in Dremio Software allows authenticated users to delete arbitrary files that the system has access to, including system files and files stored in remote locations such as S3, Azure Blob Storage, and local filesystems. This vulnerability exists due to...
CVE-2025-1568
CVE-2025-1568 is a Gerrit-based supply‑chain and access-control vulnerability in Google ChromeOS Gerrit project configuration (ChromiumOS, ChromeOS 16063.87.0) characterized by misconfigurations in Gerrit’s project.config, permissive default addPatchSet, and a race window that enables malicious p...
Incorrect Authorization
drupal/core package is vulnerable to Incorrect Authorization. The vulnerability is due to insufficient access controls. This allows forceful browsing in certain core versions, enabling attackers to access restricted resources...
Improper Authorization
magento/community-edition and magento/project-community-edition are vulnerable to Improper Authorization. The vulnerability is due to insufficient access controls, specifically improper authorization enforcement, allowing an attacker to bypass security measures and escalate privileges, potentially leadi...
PT-2025-5303 · Apple · Apple Macos
Name of the Vulnerable Software and Affected Versions: macOS versions prior to 13.7.3; macOS versions prior to 14.7.3; macOS versions prior to 15.3. Description: The issue is related to insufficient access restrictions in the PackageKit component of macOS, which may allow a remote attacker to elevat...
PT-2024-8168 · Microsoft · Edge
Name of the Vulnerable Software and Affected Versions: Microsoft Edge (Chromium-based) versions up to 130.0.2849.46. Description: The Chromium-based version of Microsoft Edge has an information disclosure issue related to insufficient access controls, allowing a remote attacker to disclose protected...
Insecure Direct Object Reference (IDOR)
Open-webui/open-webui is vulnerable to Insecure Direct Object Reference (IDOR). The vulnerability is caused by insufficient access controls in the API, which fail to validate user permissions, allowing unauthorized users to manipulate restricted data...
SuiteCRM Security Vulnerability
SuiteCRM is a customer relationship management system from the SuiteCRM team. SuiteCRM has a security vulnerability that stems from insufficient access control checks. An attacker could exploit the vulnerability to delete records via the API...
Unauthorized Access
alextselegidis/easyappointments is vulnerable to Unauthorized Access. The vulnerability is due to insufficient access controls in the GET, PUT, DELETE /providers/providerId endpoints, allowing a low privileged user to fetch, modify, or delete a privileged user's data...
Authorization Bypass
alextselegidis/easyappointments is vulnerable to Authorization Bypass. The vulnerability is due to insufficient access controls on the GET, PUT, and DELETE methods for /appointments/appointmentId, allowing a low-privileged user to fetch, modify, or delete any user's appointment, including those ...
Arbitrary File Deletion
gogs.io/gogs is vulnerable to Arbitrary File Deletion. The vulnerability is due to insufficient access controls, allowing unauthorized users to delete internal files on the host...
Unauthorized Data Access
Klaviyo Magento 2 is vulnerable to Unauthorized Data Access. The vulnerability is due to insufficient access controls in an endpoint, allowing attackers to read private customer data from stores by reclaiming guest-carts and accessing order details via the Magento API...
PT-2024-4666 · Microsoft · Azure Arc-Enabled Kubernetes Extension Cluster
Name of the Vulnerable Software and Affected Versions: Azure Arc-enabled Kubernetes Extension Cluster (affected versions not specified). Description: The issue is related to insufficient access controls in Azure Arc-enabled Kubernetes extensions, which can be exploited by a remote attacker to elevat...
Insecure Direct Object Reference (IDOR)
pimcore/pimcore is vulnerable to Insecure Direct Object Reference (IDOR). This vulnerability is due to insufficient access controls and improper handling of session information within the Pimcore platform. Specifically, the flaw arises from the platform's failure to properly restrict access to...