Export limit exceeded: 367166 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (5724 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-21828 1 Intel 2 Ethernet Adapter Complete Driver Pack, Ethernet Connections Boot Utility Preboot Images And Efi Drivers 2026-04-15 6.7 Medium
Improper access control in some Intel(R) Ethernet Controller Administrative Tools software before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-21741 1 Gigadevice 1 Gd32e103c8t6 2026-04-15 9.8 Critical
GigaDevice GD32E103C8T6 devices have Incorrect Access Control.
CVE-2025-25962 2026-04-15 9.8 Critical
An issue in Coresmartcontracts Uniswap v.3.0 and fixed in v.4.0 allows a remote attacker to escalate privileges via the _modifyPosition function
CVE-2025-56241 1 Aztech 1 Dsl5005en 2026-04-15 7.5 High
Aztech DSL5005EN firmware 1.00.AZ_2013-05-10 and possibly other versions allows unauthenticated attackers to change the administrator password via a crafted POST request to sysAccess.asp. This allows full administrative control of the router without authentication.
CVE-2025-50434 2026-04-15 5.3 Medium
A security issue has been identified in Appian Enterprise Business Process Management version 25.3. The vulnerability is related to incorrect access control, which under certain conditions could allow unauthorized access to information. NOTE: this has been disputed because the CVE Record information does not originate from the Supplier, and the report lacks specificity about why a problem exists, how the behavior could be reproduced, and whether any action could be taken to resolve the problem.
CVE-2024-47910 1 Sonarsource 1 Sonarqube 2026-04-15 7.2 High
An issue was discovered in SonarSource SonarQube before 9.9.5 LTA and 10.x before 10.5. A SonarQube user with the Administrator role can modify an existing configuration of a GitHub integration to exfiltrate a pre-signed JWT.
CVE-2025-61113 2 Google, Talktalk 2 Android, Talktalk App 2026-04-15 7.5 High
TalkTalk 3.3.6 Android App contains improper access control vulnerabilities in multiple API endpoints. By modifying request parameters, attackers may obtain sensitive user information (such as device identifiers and birthdays) and access private group information, including join credentials. Successful exploitation may result in privacy breaches and unauthorized access to restricted resources.
CVE-2025-39247 1 Hikvision 1 Hikcentral Professional 2026-04-15 8.6 High
There is an Access Control Vulnerability in some HikCentral Professional versions. This could allow an unauthenticated user to obtain the admin permission.
CVE-2025-61119 2 Google, Karely 2 Android, Kanova App 2026-04-15 7.5 High
Kanova Android App version 1.0.27 (package name com.karelane), developed by Karely L.L.C., contains improper access control vulnerabilities. Attackers may gain unauthorized access to user details and obtain group information, including entry codes, by manipulating API request parameters. Successful exploitation could result in privacy breaches, unauthorized group access, and misuse of the platform.
CVE-2024-33393 1 Spidernet-io 1 Spiderpool 2026-04-15 6.2 Medium
An issue in spidernet-io spiderpool v.0.9.3 and before allows a local attacker to execute arbitrary code via a crafted command to get the token component.
CVE-2025-29524 1 Dasan 1 H660wm 2026-04-15 6.5 Medium
Incorrect access control in the component /cgi-bin/system_diagnostic_main.asp of DASAN GPON ONU H660WM H660WMR210825 allows attackers to access sensitive information.
CVE-2025-61118 2 Google, Skytop 2 Android, Mcarfix App 2026-04-15 7.5 High
mCarFix Motorists App version 2.3 (package name com.skytop.mcarfix), developed by Paniel Mwaura, contains improper access control vulnerabilities. Attackers may bypass verification to arbitrarily register accounts, and by tampering with sequential numeric IDs, gain unauthorized access to user data and groups. Successful exploitation could result in fake account creation, privacy breaches, and misuse of the platform.
CVE-2025-61116 2 Google, Scriptsbundle 2 Android, Adforest 2026-04-15 7.5 High
AdForest - Classified Android App version 4.0.12 (package name scriptsbundle.adforest), developed by Muhammad Jawad Arshad, contains an improper access control vulnerability in its authentication mechanism. The app uses a Base64-encoded email address as the authorization credential, which can be manipulated by attackers to gain unauthorized access to user accounts. Successful exploitation could result in account compromise, privacy breaches, and misuse of the platform.
CVE-2025-61114 2 Autobizline, Google 2 Mysecondline, Android 2026-04-15 7.5 High
2nd Line Android App version v1.2.92 and before (package name com.mysecondline.app), developed by AutoBizLine, Inc., contains an improper access control vulnerability in its authentication mechanism. The server only validates the first character of the user_token, enabling attackers to brute force tokens and perform unauthorized queries on other user accounts. Successful exploitation could result in privacy breaches and unauthorized access to user data.
CVE-2025-29315 2026-04-15 9.8 Critical
An issue in the Shiro-based RBAC (Role-based Access Control) mechanism of OpenDaylight Service Function Chaining (SFC) Subproject SFC Sodium-SR4 and below allows attackers to execute privileged operations via a crafted request.
CVE-2024-12307 1 Unifiedtransform 1 Unifiedtransform 2026-04-15 4.3 Medium
A function-level access control vulnerability in Unifiedtransform version 2.0 and potentially earlier versions allows teachers to modify student personal data without proper authorization. The vulnerability exists due to missing access control checks in the student editing functionality. At the time of publication of the CVE no patch is available.
CVE-2025-62713 1 Kottster 1 Kottster 2026-04-15 N/A
Kottster is a self hosted Node.js admin panel. From versions 3.2.0 to before 3.3.2, Kottster contains a pre-authentication remote code execution (RCE) vulnerability when running in development mode. This affects development mode only, production deployments were never affected. This issue has been fixed in version 3.3.2.
CVE-2024-6727 2026-04-15 5.4 Medium
A flaw in versions of Delphix Data Control Tower (DCT) prior to 19.0.0 results in broken authentication through the enable-scale-testing functionality of the application.
CVE-2024-1678 2 Dunhakdis, Wordpress 2 Subway-private Site Option, Wordpress 2026-04-15 5.3 Medium
The Subway – Private Site Option plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.4 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's private site feature and view restricted page and post content.
CVE-2025-13949 1 Proudmubai 1 Gofilm 2026-04-15 6.3 Medium
A vulnerability was identified in ProudMuBai GoFilm 1.0.0/1.0.1. Impacted is the function SingleUpload of the file /server/controller/FileController.go. The manipulation of the argument File leads to unrestricted upload. The attack may be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.