CWE-284— Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.— MITRE CWE catalog
4,678 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-284page 57 of 94
- CVE-2025-21185MEDIUMCVSS 6.5EG 6.52025-01-17
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
- CVE-2025-21197MEDIUMCVSS 6.5EG 6.52025-04-08
Improper access control in Windows NTFS allows an authorized attacker to disclose file path information under a folder where the attacker doesn't have permission to list content.
- CVE-2025-21202MEDIUMCVSS 6.1EG 6.12025-01-14
Windows Recovery Environment Agent Elevation of Privilege Vulnerability
- CVE-2025-2121MEDIUMCVSS 6.3EG 6.32025-03-09
A vulnerability classified as critical has been found in Thinkware Car Dashcam F800 Pro up to 20250226. Affected is an unknown function of the component File Storage. The manipulation leads to improper access controls. The attack can only …
- CVE-2025-21213MEDIUMCVSS 4.6EG 4.62025-01-14
Secure Boot Security Feature Bypass Vulnerability
- CVE-2025-21293HIGHCVSS 8.8EG 8.82025-01-14
Active Directory Domain Services Elevation of Privilege Vulnerability
- CVE-2025-21301MEDIUMCVSS 6.5EG 6.52025-01-14
Windows Geolocation Service Information Disclosure Vulnerability
- CVE-2025-21337LOWCVSS 3.3EG 3.32025-02-11
Windows NTFS Elevation of Privilege Vulnerability
- CVE-2025-21340MEDIUMCVSS 5.5EG 5.52025-01-14
Windows Virtualization-Based Security (VBS) Security Feature Bypass Vulnerability
- CVE-2025-21359HIGHCVSS 7.8EG 7.82025-02-11
Windows Kernel Security Feature Bypass Vulnerability
- CVE-2025-21380HIGHCVSS 8.8EG 8.82025-01-09
Improper access control in Azure SaaS Resources allows an authorized attacker to disclose information over a network.
- CVE-2025-21405HIGHCVSS 7.3EG 7.32025-01-14
Visual Studio Elevation of Privilege Vulnerability
- CVE-2025-21425HIGHCVSS 7.3EG 7.32025-04-07
Memory corruption may occur due top improper access control in HAB process.
- CVE-2025-21469HIGHCVSS 7.8EG 7.82025-05-06
Memory corruption while processing image encoding, when input buffer length is 0 in IOCTL call.
- CVE-2025-21470HIGHCVSS 7.8EG 7.82025-05-06
Memory corruption while processing image encoding, when configuration is NULL in IOCTL parameter.
- CVE-2025-21573MEDIUMCVSS 6.0EG 6.02025-04-15
Vulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle Financial Services Applications (component: Chatbot). Supported versions that are affected are 5.1.0.0.0, 6.1.0.0.0 and 7.0.0.0.0. Difficult …
- CVE-2025-21586MEDIUMCVSS 5.4EG 5.42025-04-15
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are affected are 9.2.0.0-9.2.9.2. Easily exploitable vulnerability allows low privileged attacker with …
- CVE-2025-21587HIGHCVSS 7.4EG 7.42025-04-15
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE:8u441, 8u441-perf, 11.0.26, 17.0.14, 21.0.…
- CVE-2025-21588MEDIUMCVSS 4.9EG 4.92025-04-15
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network acces…
- CVE-2025-22157HIGHCVSS 8.8EG 8.82025-05-20
This High severity PrivEsc (Privilege Escalation) vulnerability was introduced in versions: 9.12.0, 10.3.0, 10.4.0, and 10.5.0 of Jira Core Data Center and Server 5.12.0, 10.3.0, 10.4.0, and 10.5.0 of Jira Service Management Data Center …
- CVE-2025-2216MEDIUMCVSS 6.3EG 6.32025-03-12
A vulnerability, which was classified as critical, has been found in zzskzy Warehouse Refinement Management System 1.3. Affected by this issue is the function UploadCrash of the file /crash/log/SaveCrash.ashx. The manipulation of the argum…
- CVE-2025-2218MEDIUMCVSS 5.3EG 5.32025-03-12
A vulnerability has been found in LoveCards LoveCardsV2 up to 2.3.2 and classified as critical. This vulnerability affects unknown code of the file /api/system/other of the component Setting Handler. The manipulation leads to improper acce…
- CVE-2025-2219HIGHCVSS 7.3EG 7.32025-03-12
A vulnerability was found in LoveCards LoveCardsV2 up to 2.3.2 and classified as critical. This issue affects some unknown processing of the file /api/upload/image. The manipulation of the argument file leads to unrestricted upload. The at…
- CVE-2025-22391MEDIUMCVSS 6.7EG 6.72025-11-11
Improper access control for some SigTest before version 6.1.10 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may ena…
- CVE-2025-22426HIGHCVSS 7.8EG 5.92026-06-01
In many functions of ComputerEngine.java, there is a possible way to access URIs across users due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interacti…
- CVE-2025-2278MEDIUMCVSS 6.5EG 6.52025-03-13
Improper access control in temporary access requests and checkout requests endpoints in Devolutions Server 2024.3.13 and earlier allows an authenticated user to access information about these requests via a known request ID.
- CVE-2025-2280HIGHCVSS 8.1EG 8.12025-03-13
Improper access control in web extension restriction feature in Devolutions Server 2024.3.4.0 and earlier allows an authenticated user to bypass the browser extension restriction feature.
- CVE-2025-22844MEDIUMCVSS 4.3EG 4.32025-05-13
Improper access control for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an unauthenticated user to potentially enable information disclosure via adjacent access.
- CVE-2025-22940CRITICALCVSS 9.1EG 9.12025-03-31
Incorrect access control in Adtran 411 ONT L80.00.0011.M2 allows unauthorized attackers to arbitrarily set the admin password.
- CVE-2025-23048CRITICALCVSS 9.1EG 9.12025-07-10
In some mod_ssl configurations on Apache HTTP Server 2.4.35 through to 2.4.63, an access control bypass by trusted clients is possible using TLS 1.3 session resumption. Configurations are affected when mod_ssl is configured for multiple v…
- CVE-2025-2306MEDIUMCVSS 5.9EG 5.92025-05-16
An Improper Access Control vulnerability was identified in the file download functionality. This vulnerability allows users to download sensitive documents without authentication, if the URL is known. The attack requires the attacker to…
- CVE-2025-23083HIGHCVSS 7.7EG 7.72025-01-22
With the aid of the diagnostics_channel utility, an event can be hooked into whenever a worker thread is created. This is not limited only to workers but also exposes internal workers, where an instance of them can be fetched, and its cons…
- CVE-2025-23164MEDIUMCVSS 4.4EG 4.42025-05-19
A misconfigured access token mechanism in the Unifi Protect Application (Version 5.3.41 and earlier) could permit the recipient of a "Share Livestream" link to maintain access to the corresponding livestream subsequent to such link becomin…
- CVE-2025-23203MEDIUMCVSS 5.5EG 5.52025-03-26
Icinga Director is an Icinga config deployment tool. A Security vulnerability has been found starting in version 1.0.0 and prior to 1.10.4 and 1.11.4 on several director endpoints of REST API. To reproduce this vulnerability an authenticat…
- CVE-2025-23242HIGHCVSS 7.3EG 7.32025-03-11
NVIDIA Riva contains a vulnerability where a user could cause an improper access control issue. A successful exploit of this vulnerability might lead to escalation of privileges, data tampering, denial of service, or information disclosure.
- CVE-2025-23243MEDIUMCVSS 6.5EG 6.52025-03-11
NVIDIA Riva contains a vulnerability where a user could cause an improper access control issue. A successful exploit of this vulnerability might lead to data tampering or denial of service.
- CVE-2025-23277HIGHCVSS 7.3EG 7.32025-08-02
NVIDIA Display Driver for Linux and Windows contains a vulnerability in the kernel mode driver, where an attacker could access memory outside bounds permitted under normal use cases. A successful exploit of this vulnerability might lead to…
- CVE-2025-23329HIGHCVSS 7.5EG 7.52025-09-17
NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause memory corruption by identifying and accessing the shared memory region used by the Python backend. A successful exploit of this vu…
- CVE-2025-2334MEDIUMCVSS 5.4EG 5.42025-03-15
A vulnerability classified as problematic has been found in 274056675 springboot-openai-chatgpt e84f6f5. This affects the function deleteChat of the file /api/mjkj-chat/chat/ai/delete/chat of the component Chat History Handler. The manipul…
- CVE-2025-23365HIGHCVSS 7.8EG 7.82025-07-08
A vulnerability has been identified in TIA Administrator (All versions < V3.0.6). The affected application allows low-privileged users to trigger installations by overwriting cache files and modifying the downloads path. This would allow a…
- CVE-2025-23367MEDIUMCVSS 6.5EG 6.52025-01-30
A flaw was found in the Wildfly Server Role Based Access Control (RBAC) provider. When authorization to control management operations is secured using the Role Based Access Control provider, a user without the required privileges can suspe…
- CVE-2025-23389HIGHCVSS 8.4EG 8.42025-04-11
A Improper Access Control vulnerability in SUSE rancher allows a local user to impersonate other identities through SAML Authentication on first login. This issue affects rancher: from 2.8.0 before 2.8.13, from 2.9.0 before 2.9.7, from 2.1…
- CVE-2025-2348MEDIUMCVSS 4.3EG 4.32025-03-16
A vulnerability was found in IROAD Dash Cam FX2 up to 20250308. It has been classified as problematic. Affected is an unknown function of the file /mnt/extsd/event/ of the component HTTP/RTSP. The manipulation leads to information disclosu…
- CVE-2025-2350MEDIUMCVSS 6.3EG 6.32025-03-16
A vulnerability was found in IROAD Dash Cam FX2 up to 20250308. It has been rated as critical. Affected by this issue is some unknown functionality of the file /action/upload_file. The manipulation leads to unrestricted upload. Access to t…
- CVE-2025-24042HIGHCVSS 7.3EG 7.32025-02-11
Visual Studio Code JS Debug Extension Elevation of Privilege Vulnerability
- CVE-2025-24076HIGHCVSS 7.3EG 7.32025-03-11
Improper access control in Windows Cross Device Service allows an authorized attacker to elevate privileges locally.
- CVE-2025-24088HIGHCVSS 7.5EG 7.52025-09-15
The issue was addressed by adding additional logic. This issue is fixed in macOS Tahoe 26. An app may be able to override MDM-enforced settings from profiles.
- CVE-2025-24090LOWCVSS 3.3EG 3.32026-01-16
A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.3 and iPadOS 18.3. An app may be able to enumerate a user's installed apps.
- CVE-2025-24165MEDIUMCVSS 5.5EG 5.52026-06-11
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to cause unexpected system termination.
- CVE-2025-24173HIGHCVSS 7.8EG 7.82025-03-31
This issue was addressed with additional entitlement checks. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. An app may b…
Map vulnerabilities like CWE-284 to your infrastructure
EchelonGraph correlates every CVE — across CWE-284 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →