
14 matches found

Veracode
added 6 days ago | 10 views

Improper Access Control

LangGraph Python SDK is vulnerable to Improper Access Control. The vulnerability is due to unsafe URL path construction using unsanitized user-supplied identifiers, where special characters in identifier values can alter the intended request path and target unintended resources, allowing attacker...

CVSS 9.1 | AI score 5.8 | EPSS 0.00216
Exploits: 0 | References: 3 | Affected Software: 1

NVD
added 2026/05/22 9:16 a.m. | 20 views

CVE-2026-8381

A broken access control vulnerability exists in the TeamViewer DEX Platform On‑Premises prior to version 9.2. Certain backend API endpoints do not correctly enforce authorization checks, allowing an authenticated user with low privileges to perform actions and access resources intended only for...

CVSS 5.4 | EPSS 0.00141
Exploits: 0 | References: 1

OSV
added 2026/04/02 3:31 p.m. | 6 views

GHSA-F2HX-5FX3-HMCV Keycloak: UMA Policy Resource Injection Allows Unauthorized Cross-User Permission Grants

A flaw was found in Keycloak. An authenticated user with the uma_protection role can bypass User-Managed Access (UMA) policy validation. This allows the attacker to include resource identifiers owned by other users in a policy creation request, even if the URL path specifies an attacker-owned...

CVSS 8.1 | AI score 5.9 | EPSS 0.00338
Exploits: 1 | References: 10

EUVD
added 2025/10/03 8:07 p.m. | 3 views

EUVD-2024-0007

Malicious code in bioql PyPI...

CVSS 8.1 | AI score 7.9 | EPSS 0.01332
Exploits: 0 | References: 6

CVE
added 2025/08/20 2:42 p.m. | 20 views

CVE-2025-1139

CVE-2025-1139 affects IBM Edge Application Manager 4.5. A local user can read or modify resources due to incorrect permission assignment. Root cause: improper/incorrect permission provisioning. Impact: unauthorized access to resources on the device. Mitigation: upgrade to patched IBM Edge Applica...

CVSS 6.1 | AI score 6.4 | EPSS 0.00101
Exploits: 0 | References: 1 | Affected Software: 1

RedhatCVE
added 2025/05/23 7:47 a.m. | 6 views

CVE-2024-25120

TYPO3 is an open source PHP based web content management system released under the GNU GPL. The TYPO3-specific t3:// URI scheme could be used to access resources outside of the users' permission scope. This encompassed files, folders, pages, and records although only if a valid link-handling...

CVSS 4.3 | AI score 6.6 | EPSS 0.00548
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 4:52 a.m. | 6 views

CVE-2023-46664

Sielco PolyEco1000 is vulnerable to an improper access control vulnerability when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability attackers can bypass authorization and access resources behind protected pages...

CVSS 9.1 | AI score 6.9 | EPSS 0.00495
Exploits: 1

Cvelist
added 2025/03/20 10:11 a.m. | 9 views

CVE-2024-12766 SSRF in parisneo/lollms-webui

parisneo/lollms-webui version V13 (feather) suffers from a Server-Side Request Forgery (SSRF) vulnerability in the POST /api/proxy REST API. Attackers can exploit this vulnerability to abuse the victim server's credentials to access unauthorized web resources by specifying the JSON parameter...

CVSS 7.5 | EPSS 0.00703
Exploits: 1 | References: 1

Ubuntu
added 2024/11/11 1:02 a.m. | 237 views

USN-7097-1: OpenJDK 11 vulnerabilities

Andy Boothe discovered that the Networking component of OpenJDK 11 did not properly handle access under certain circumstances. An unauthenticated attacker could possibly use this issue to cause a denial of service. (CVE-2024-21208) It was discovered that the Hotspot component of OpenJDK 11 did not...

CVSS 7.4 | AI score 7.6 | EPSS 0.01257
Exploits: 0

NVD
added 2024/08/23 7:15 a.m. | 45 views

CVE-2024-40766

An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. This issue affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7...

CVSS 9.8 | EPSS 0.15694
Exploits: 0 | References: 2

CVE
added 2024/08/23 6:19 a.m. | 480 views

CVE-2024-40766

CVE-2024-40766 affects SonicWall SonicOS on Gen5/Gen6 and Gen7 (SonicOS ≤ 7.0.1-5035) with improper access control in management access and SSLVPN, enabling unauthorized resource access and, in some cases, a firewall crash. Public sources confirm exploitation activity in the wild (CISA KEV catalo...

CVSS 9.8 | AI score 6.7 | EPSS 0.15694
In wild | Exploits: 0 | References: 2 | Affected Software: 1

CNNVD
added 2021/02/09 12:00 a.m. | 6 views

Intel Ethernet Controllers Access Control Error Vulnerability

Intel Ethernet Controllers is an Ethernet controller from Intel Corporation USA. An Access Control Error vulnerability exists in the Intel 700-series of Ethernet Controllers that arises from a network system or product that does not properly restrict access to resources from unauthorized roles...

CVSS 4.4 | AI score 5.8 | EPSS 0.003
Exploits: 0 | References: 4

CNVD
added 2019/05/14 12:00 a.m. | 2 views

Gemalto Ezio Server Access Control Error Vulnerability

Gemalto Ezio Server is an authentication server from Gemalto USA. An access control error vulnerability exists in Gemalto Ezio Server versions prior to 3.1.0, which can be exploited by an attacker to access unauthorized resources...

CVSS 5.7 | AI score 7 | EPSS 0.01011
Exploits: 2 | References: 1

Cvelist
added 2001/09/12 4:00 a.m. | 14 views

CVE-1999-1295

Transarc DCE Distributed File System (DFS) 1.1 for Solaris 2.4 and 2.5 does not properly initialize the grouplist for users who belong to a large number of groups, which could allow those users to gain access to resources that are protected by DFS...

AI score 6.8 | EPSS 0.00347
Exploits: 0 | References: 2