Vulnerabilities > Improper Access Control

DATE	CVE	VULNERABILITY TITLE	RISK
2025-03-03	CVE-2024-51954	There is an improper access control issue in ArcGIS Server versions 10.9.1 through 11.3 on Windows and Linux, which under unique circumstances, could potentially allow a remote, low privileged authenticated attacker to access secure services published a standalone (Unfederated) ArcGIS Server instance. If successful this compromise would have a high impact on Confidentiality, low impact on integrity and no impact to availability of the software. network low complexity CWE-284	8.5
2025-02-25	CVE-2024-13693	Improper Access Control vulnerability in Kriesi Enfold The Enfold theme for WordPress is vulnerable to unauthorized access of data due to a missing capability check in avia-export-class.php in all versions up to, and including, 6.0.9. network low complexity kriesi CWE-284	5.3
2025-02-24	CVE-2025-27140	Improper Access Control vulnerability in Wegia 3.2.13/3.2.14 WeGIA is a Web manager for charitable institutions. network low complexity wegia CWE-284 critical	9.8
2025-02-24	CVE-2025-1606	Improper Access Control vulnerability in Mayurik Best Employee Management System 1.0 A vulnerability classified as problematic was found in SourceCodester Best Employee Management System 1.0. network low complexity mayurik CWE-284	7.5
2025-02-23	CVE-2025-1595	A vulnerability has been found in Anhui Xufan Information Technology EasyCVR up to 2.7.0 and classified as problematic. network low complexity CWE-284	5.3
2025-02-19	CVE-2025-20153	A vulnerability in the email filtering mechanism of Cisco Secure Email Gateway could allow an unauthenticated, remote attacker to bypass the configured rules and allow emails that should have been denied to flow through an affected device. network low complexity CWE-284	5.8
2025-02-19	CVE-2024-13854	The Education Addon for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.1 via the naedu_elementor_template shortcode due to missing validation on a user controlled key. network low complexity CWE-284	4.3
2025-02-18	CVE-2025-26606	Improper Access Control vulnerability in Wegia WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. network low complexity wegia CWE-284 critical	9.8
2025-02-18	CVE-2025-26607	Improper Access Control vulnerability in Wegia WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. network low complexity wegia CWE-284 critical	9.8
2025-02-18	CVE-2025-26608	Improper Access Control vulnerability in Wegia WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. network low complexity wegia CWE-284 critical	9.8

Vulnerabilities > Improper Access Control {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Improper Access Control"}]}

Vulnerabilities > Improper Access Control