PT-2026-20723
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Retrieve Embedded Sensitive Data. This issue affects EventPrime: from n/a through = 4.2.8.3...
CVE-2020-24363
TP-Link TL-WA855RE V5 20200415-rel37464 devices allow an unauthenticated attacker on the same network to submit a TDDPRESET POST request for a factory reset and reboot. The attacker can then obtain incorrect access control by setting a new administrative password...
CVE-2025-3653
Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contain an improper access control vulnerability that allows unauthorized device manipulation by accepting arbitrary serial numbers without ownership verification. Attackers can control any device by sending serial numbers to device contro...
CVE-2025-49340
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Digages Direct Payments WP direct-payments-wp allows Retrieve Embedded Sensitive Data. This issue affects Direct Payments WP: from n/a through = 1.3.2...
CVE-2025-67546
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in weDevs WP ERP erp allows Retrieve Embedded Sensitive Data. This issue affects WP ERP: from n/a through = 1.16.6...
EUVD-2021-31494
Malicious code in bioql PyPI...
Unauthorized Configuration Manipulation
Jupyter Core is vulnerable to Unauthorized Configuration Manipulation. The vulnerability is due to improper access control on the %PROGRAMDATA% directory, allowing unprivileged users to write configuration files that affect other users on shared Windows systems...
Unauthorized Access
moodle/moodle is vulnerable to Unauthorized Access. The vulnerability is due to broken access control and missing capability checks in certain grade reports, allowing unauthorized users to view restricted information...
PT-2025-15489 · Microsoft · Windows Dwm Core Library +1
Name of the Vulnerable Software and Affected Versions: Windows DWM Core Library (affected versions not specified). Description: The issue is related to improper input validation, which allows an authorized attacker to elevate privileges locally. This can affect the system, potentially leading to...
PT-2025-8750 · Unknown · Unifiedtransform
Name of the Vulnerable Software and Affected Versions: Unifiedtransform versions 2.X. Description: The issue is related to Incorrect Access Control, allowing unauthorized users to access and manipulate endpoints intended for administrative use. Specifically, the endpoint "teacher/edit/id" is...
CVE-2024-56898
CVE-2024-56898 affects Geovision GV-ASWeb (v6.1.0.0 or earlier). The issue is a broken access control that lets a low-privilege user perform unauthorized actions, including creating, modifying, or deleting accounts, effectively escalating privileges. Public exploit details exist (PoC available at...
CVE-2023-26280
The CVE-2023-26280 issue affects IBM Jazz Foundation 7.0.2 and 7.0.3, where improper access control could let a user change their dashboard via a specially crafted HTTP request. The root cause is access-control weakness in the dashboard feature, with a CVSSv3.1 base score of 5.3 (Network, Low att...
CVE-2023-43040 IBM Spectrum Fusion HCI improper access control
IBM Spectrum Fusion HCI 2.5.2 through 2.7.2 could allow an attacker to perform unauthorized actions in RGW for Ceph due to improper bucket access. IBM X-Force ID: 266807...
CVE-2021-46903
An issue was discovered in LTOS-Web-Interface in Meinberg LANTIME-Firmware before 6.24.029 MBGID-9343 and 7 before 7.04.008 MBGID-6303. An admin can delete required user accounts in violation of expected access control...
SUSE SLES15 Security Update : slurm (SUSE-SU-2024:0279-1)
The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0279-1 advisory. - SchedMD Slurm 23.02.x before 23.02.6 and 22.05.x before 22.05.10 allows filesystem race conditions for gaining ownership of a file, overwriti...
GitLab 9.4 < 14.3.6 / 14.4 < 14.4.4 / 14.5 < 14.5.2 (CVE-2021-39945)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Improper access control in the GitLab CE/EE API affecting all versions starting from 9.4 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2,...
CVE-2023-0773 Unauthorized Access Control Vulnerability in Uniview IP Camera
The vulnerability exists in Uniview IP Camera due to identification and authentication failure at its web-based management interface. A remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable device. Successful exploitation of this vulnerabili...
Unauthorized Access and Control in Proxy Contract
Summary: The code contains a bug that can lead to unauthorized access and control over the contract. This bug allows any caller, even those who are not the owner or address0, to bypass the intended access control mechanisms and execute arbitrary code on the...
Improper Access Control
github.com/pydio/cells is vulnerable to Improper Access Control. The vulnerability exists in the User Creation Handler component which allows an attacker to gain access to the system and perform unauthorized actions...