CWE-284— Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.— MITRE CWE catalog
4,700 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-284page 75 of 94
- CVE-2025-7487MEDIUMCVSS 6.3EG 6.32025-07-12
A vulnerability, which was classified as critical, was found in JoeyBling SpringBoot_MyBatisPlus up to a6a825513bd688f717dbae3a196bc9c9622fea26. This affects the function SysFileController of the file /file/upload. The manipulation of the …
- CVE-2025-7538CRITICALCVSS 9.8EG 7.32025-07-13
A vulnerability classified as critical was found in Campcodes Sales and Inventory System 1.0. This vulnerability affects unknown code of the file /pages/product_update.php. The manipulation of the argument image leads to unrestricted uploa…
- CVE-2025-7547CRITICALCVSS 9.8EG 7.32025-07-13
A vulnerability, which was classified as critical, was found in Campcodes Online Movie Theater Seat Reservation System 1.0. This affects the function save_movie of the file /admin/admin_class.php. The manipulation of the argument cover lea…
- CVE-2025-7552MEDIUMCVSS 6.3EG 6.32025-07-14
A vulnerability was found in Dromara Northstar up to 7.3.5. It has been rated as critical. Affected by this issue is the function preHandle of the file northstar-main/src/main/java/org/dromara/northstar/web/interceptor/AuthorizationInterce…
- CVE-2025-7565HIGHCVSS 7.5EG 5.32025-07-14
A vulnerability, which was classified as critical, was found in LB-LINK BL-AC3600 up to 1.0.22. This affects the function geteasycfg of the file /cgi-bin/lighttpd.cgi of the component Web Management Interface. The manipulation of the argum…
- CVE-2025-7572MEDIUMCVSS 5.3EG 5.32025-07-14
A vulnerability classified as critical was found in LB-LINK BL-AC1900, BL-AC2100_AZ3, BL-AC3600, BL-AX1800, BL-AX5400P and BL-WR9000 up to 20250702. This vulnerability affects the function bs_GetHostInfo in the library libblinkapi.so of th…
- CVE-2025-7573MEDIUMCVSS 5.3EG 5.32025-07-14
A vulnerability, which was classified as critical, has been found in LB-LINK BL-AC1900, BL-AC2100_AZ3, BL-AC3600, BL-AX1800, BL-AX5400P and BL-WR9000 up to 20250702. This issue affects the function bs_GetManPwd in the library libblinkapi.s…
- CVE-2025-7576HIGHCVSS 7.3EG 7.32025-07-14
A vulnerability was found in Teledyne FLIR FB-Series O and FLIR FH-Series ID 1.3.2.16 and classified as critical. Affected by this issue is some unknown functionality of the file /priv/production/production.html of the component Production…
- CVE-2025-7627CRITICALCVSS 9.8EG 6.32025-07-14
A vulnerability was found in YiJiuSmile kkFileViewOfficeEdit up to 5fbc57c48e8fe6c1b91e0e7995e2d59615f37abd and classified as critical. Affected by this issue is the function fileUpload of the file /fileUpload. The manipulation of the argu…
- CVE-2025-7755HIGHCVSS 8.8EG 6.32025-07-17
A vulnerability was found in code-projects Online Ordering System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/edit_product.php. The manipulation of the argument image leads to unrestric…
- CVE-2025-7864MEDIUMCVSS 5.4EG 6.32025-07-20
A vulnerability was found in thinkgem JeeSite up to 5.12.0. It has been classified as critical. This affects the function Upload of the file src/main/java/com/jeesite/modules/file/web/FileUploadController.java. The manipulation leads to un…
- CVE-2025-7874CRITICALCVSS 9.1EG 5.32025-07-20
A vulnerability was found in Metasoft 美特软件 MetaCRM up to 6.4.2. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /env.jsp. The manipulation leads to information disclosure. The atta…
- CVE-2025-7877CRITICALCVSS 9.8EG 6.32025-07-20
A vulnerability, which was classified as critical, has been found in Metasoft 美特软件 MetaCRM up to 6.4.2. This issue affects some unknown processing of the file sendfile.jsp. The manipulation of the argument File leads to unrestricte…
- CVE-2025-7878HIGHCVSS 8.8EG 6.32025-07-20
A vulnerability, which was classified as critical, was found in Metasoft 美特软件 MetaCRM up to 6.4.2. Affected is an unknown function of the file /common/jsp/upload2.jsp. The manipulation of the argument File leads to unrestricted upl…
- CVE-2025-7879CRITICALCVSS 9.8EG 6.32025-07-20
A vulnerability has been found in Metasoft 美特软件 MetaCRM up to 6.4.2 and classified as critical. Affected by this vulnerability is an unknown functionality of the file mobileupload.jsp. The manipulation of the argument File leads to…
- CVE-2025-7880HIGHCVSS 8.8EG 6.32025-07-20
A vulnerability was found in Metasoft 美特软件 MetaCRM up to 6.4.2 and classified as critical. Affected by this issue is some unknown functionality of the file /business/common/sms/sendsms.jsp. The manipulation of the argument File lea…
- CVE-2025-7895CRITICALCVSS 9.8EG 6.32025-07-20
A vulnerability, which was classified as critical, was found in harry0703 MoneyPrinterTurbo up to 1.2.6. Affected is the function upload_bgm_file of the file app/controllers/v1/video.py of the component File Extension Handler. The manipula…
- CVE-2025-7898HIGHCVSS 7.2EG 4.72025-07-20
A vulnerability was found in Codecanyon iDentSoft 2.0. It has been classified as critical. This affects an unknown part of the file /clinica/profile/updateSetting of the component Account Setting Page. The manipulation of the argument phot…
- CVE-2025-7906MEDIUMCVSS 5.4EG 6.32025-07-20
A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1 and classified as critical. This issue affects the function uploadFile of the file ruoyi-admin/src/main/java/com/ruoyi/web/controller/common/CommonController.java. The manipulati…
- CVE-2025-7931HIGHCVSS 7.3EG 7.32025-07-21
A vulnerability was found in code-projects Church Donation System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /members/admin_pic.php. The manipulation of the argument image leads to …
- CVE-2025-7939HIGHCVSS 8.8EG 6.32025-07-21
A vulnerability was found in jerryshensjf JPACookieShop 蛋糕商城JPA版 1.0. It has been classified as critical. Affected is the function addGoods of the file GoodsController.java. The manipulation leads to unrestricted upload. It is po…
- CVE-2025-8025CRITICALCVSS 9.8EG 9.82026-02-11
Missing Authentication for Critical Function, Improper Access Control vulnerability in Dinosoft Business Solutions Dinosoft ERP allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Dinosoft ERP: from < 3.0.1…
- CVE-2025-8128MEDIUMCVSS 6.3EG 6.32025-07-25
A vulnerability, which was classified as critical, has been found in zhousg letao up to 7d8df0386a65228476290949e0413de48f7fbe98. This issue affects some unknown processing of the file routes\bf\product.js. The manipulation of the argument…
- CVE-2025-8171MEDIUMCVSS 6.3EG 6.32025-07-25
A vulnerability, which was classified as critical, has been found in code-projects Document Management System 1.0. This issue affects some unknown processing of the file /insert.php. The manipulation of the argument uploaded_file leads to …
- CVE-2025-8174MEDIUMCVSS 6.3EG 6.32025-07-26
A vulnerability was found in code-projects Voting System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/candidates_add.php. The manipulation of the argument photo leads to unrestrict…
- CVE-2025-8226CRITICALCVSS 9.8EG 4.32025-07-27
A vulnerability was found in yanyutao0402 ChanCMS up to 3.1.2. It has been classified as problematic. Affected is an unknown function of the file /sysApp/find. The manipulation of the argument accessKey/secretKey leads to information discl…
- CVE-2025-8255CRITICALCVSS 9.8EG 7.32025-07-28
A vulnerability was found in code-projects Exam Form Submission 1.0. It has been rated as critical. This issue affects some unknown processing of the file /register.php. The manipulation of the argument image leads to unrestricted upload. …
- CVE-2025-8256CRITICALCVSS 9.8EG 6.32025-07-28
A vulnerability classified as critical has been found in code-projects Online Ordering System 1.0. Affected is an unknown function of the file /admin/product.php. The manipulation of the argument image leads to unrestricted upload. It is p…
- CVE-2025-8265MEDIUMCVSS 4.7EG 4.72025-07-28
A vulnerability classified as critical has been found in 299Ko CMS 2.0.0. This affects an unknown part of the file /admin/filemanager/view of the component File Management. The manipulation leads to unrestricted upload. It is possible to i…
- CVE-2025-8344CRITICALCVSS 9.8EG 6.32025-07-31
A vulnerability classified as critical has been found in openviglet shio up to 0.3.8. Affected is the function shStaticFileUpload of the file shio-app/src/main/java/com/viglet/shio/api/staticfile/ShStaticFileAPI.java. The manipulation of t…
- CVE-2025-8379HIGHCVSS 7.2EG 4.72025-07-31
A vulnerability classified as critical has been found in Campcodes Online Hotel Reservation System 1.0. This affects an unknown part of the file /admin/edit_room.php. The manipulation of the argument photo leads to unrestricted upload. It …
- CVE-2025-8504CRITICALCVSS 9.8EG 6.32025-08-03
A vulnerability, which was classified as critical, was found in code-projects Kitchen Treasure 1.0. This affects an unknown part of the file /userregistration.php. The manipulation of the argument photo leads to unrestricted upload. It is …
- CVE-2025-8515LOWCVSS 3.7EG 3.12025-08-04
A weakness has been identified in Intelbras InControl 2.21.60.9. This vulnerability affects unknown code of the file /v1/operador/ of the component JSON Endpoint. Executing manipulation can lead to information disclosure. It is possible to…
- CVE-2025-8519LOWCVSS 2.7EG 2.72025-08-04
A vulnerability classified as problematic has been found in givanz Vvveb up to 1.0.5. This affects an unknown part of the file /vadmin123/index.php?module=editor/editor of the component Drag-and-Drop Editor. The manipulation of the argumen…
- CVE-2025-8525MEDIUMCVSS 5.3EG 5.32025-08-04
A vulnerability was found in Exrick xboot up to 3.3.4. It has been classified as problematic. This affects an unknown part of the component Spring Boot Admin/Spring Actuator. The manipulation leads to information disclosure. It is possible…
- CVE-2025-8526CRITICALCVSS 9.8EG 6.32025-08-04
A vulnerability was found in Exrick xboot up to 3.3.4. It has been declared as critical. This vulnerability affects the function Upload of the file xboot-fast/src/main/java/cn/exrick/xboot/modules/base/controller/common/UploadController.ja…
- CVE-2025-8738MEDIUMCVSS 5.3EG 5.32025-08-08
A vulnerability has been found in zlt2000 microservices-platform up to 6.0.0 and classified as problematic. This vulnerability affects unknown code of the file /actuator of the component Spring Actuator Interface. The manipulation leads to…
- CVE-2025-8762MEDIUMCVSS 6.8EG 6.82025-08-13
A vulnerability was found in INSTAR 2K+ and 4K 3.11.1 Build 1124. This issue affects some unknown processing of the component UART Interface. The manipulation leads to improper physical access control. It is possible to launch the attack o…
- CVE-2025-8764MEDIUMCVSS 5.4EG 6.32025-08-09
A vulnerability classified as critical has been found in linlinjava litemall up to 1.8.0. Affected is the function Upload of the file /wx/storage/upload. The manipulation of the argument File leads to unrestricted upload. It is possible to…
- CVE-2025-8775CRITICALCVSS 9.8EG 6.32025-08-09
A vulnerability was found in Qiyuesuo Eelectronic Signature Platform up to 4.34 and classified as critical. Affected by this issue is the function execute of the file /api/code/upload of the component Scheduled Task Handler. The manipulati…
- CVE-2025-8795CRITICALCVSS 9.9EG 6.32025-08-10
A vulnerability, which was classified as critical, was found in LitmusChaos Litmus up to 3.19.0. This affects an unknown part of the file /auth/login. The manipulation of the argument projectID leads to improper access controls. It is poss…
- CVE-2025-8798MEDIUMCVSS 6.1EG 7.32025-08-10
A vulnerability was found in oitcode samarium up to 0.9.6. It has been classified as critical. Affected is an unknown function of the file /dashboard/product of the component Create Product Page. The manipulation leads to unrestricted uplo…
- CVE-2025-8841MEDIUMCVSS 6.1EG 6.32025-08-11
A vulnerability was identified in zlt2000 microservices-platform up to 6.0.0. Affected by this vulnerability is the function Upload of the file zlt-business/file-center/src/main/java/com/central/file/controller/FileController.java. The man…
- CVE-2025-8859HIGHCVSS 8.8EG 6.32025-08-11
A vulnerability was identified in code-projects eBlog Site 1.0. Affected by this vulnerability is an unknown functionality of the file /native/admin/save-slider.php of the component File Upload Module. The manipulation leads to unrestricte…
- CVE-2025-8965HIGHCVSS 8.8EG 6.32025-08-14
A vulnerability has been found in linlinjava litemall up to 1.8.0. This vulnerability affects the function create of the file litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminStorageController.java of the component E…
- CVE-2025-9099MEDIUMCVSS 6.3EG 6.32025-08-18
A vulnerability was identified in Acrel Environmental Monitoring Cloud Platform up to 20250804. This affects an unknown part of the file /NewsManage/UploadNewsImg. The manipulation of the argument File leads to unrestricted upload. It is p…
- CVE-2025-9139MEDIUMCVSS 6.5EG 4.32025-08-19
A vulnerability was determined in Scada-LTS 2.7.8.1. Affected by this vulnerability is an unknown functionality of the file /Scada-LTS/dwr/call/plaincall/WatchListDwr.init.dwr. Executing manipulation can lead to information disclosure. The…
- CVE-2025-9153HIGHCVSS 8.8EG 6.32025-08-19
A vulnerability was detected in itsourcecode Online Tour and Travel Management System 1.0. This vulnerability affects unknown code of the file /admin/operations/travellers.php. The manipulation of the argument photo results in unrestricted…
- CVE-2025-9240MEDIUMCVSS 4.3EG 4.32025-08-20
A security flaw has been discovered in elunez eladmin up to 2.7. Affected by this issue is some unknown functionality of the file /auth/info. The manipulation results in information disclosure. The attack can be launched remotely. The expl…
- CVE-2025-9296CRITICALCVSS 9.8EG 4.72025-08-21
A security vulnerability has been detected in Emlog Pro up to 2.5.18. This affects an unknown function of the file /admin/blogger.php?action=update_avatar. Such manipulation of the argument image leads to unrestricted upload. It is possibl…
Map vulnerabilities like CWE-284 to your infrastructure
EchelonGraph correlates every CVE — across CWE-284 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →