Vulnerabilities > Improper Access Control

DATE CVE VULNERABILITY TITLE RISK
2025-05-15 CVE-2025-47161 Microsoft Defender for Endpoint Elevation of Privilege Vulnerability
local
low complexity
CWE-284
7.8
7.8
2025-05-13 CVE-2025-43563 ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read.
network
low complexity
CWE-284
critical
 9.1
9.1
2025-05-13 CVE-2025-29973 Improper access control in Azure File Sync allows an authorized attacker to elevate privileges locally.
local
high complexity
CWE-284
7.0
7.0
2025-05-08 CVE-2025-33072 Improper access control in Azure allows an unauthorized attacker to disclose information over a network.
network
low complexity
CWE-284
8.1
8.1
2025-05-07 CVE-2025-20137 A vulnerability in the access control list (ACL) programming of Cisco IOS Software that is running on Cisco Catalyst 1000 Switches and Cisco Catalyst 2960L Switches could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to the use of both an IPv4 ACL and a dynamic ACL of IP Source Guard on the same interface, which is an unsupported configuration.
low complexity
CWE-284
4.7
4.7
2025-05-07 CVE-2025-20190 A vulnerability in the lobby ambassador web interface of Cisco IOS XE Wireless Controller Software could allow an authenticated, remote attacker to remove arbitrary users that are defined on an affected device. This vulnerability is due to insufficient access control of actions executed by lobby ambassador users.
network
low complexity
CWE-284
6.5
6.5
2025-05-07 CVE-2025-20223 A vulnerability in Cisco Catalyst Center, formerly Cisco DNA Center, could allow an authenticated, remote attacker to read and modify data in a repository that belongs to an internal service of an affected device. This vulnerability is due to insufficient enforcement of access control on HTTP requests.
network
low complexity
CWE-284
4.7
4.7
2025-05-06 CVE-2024-49842 Improper Access Control vulnerability in Qualcomm products
Memory corruption during memory mapping into protected VM address space due to incorrect API restrictions.
local
low complexity
qualcomm CWE-284
7.8
7.8
2025-05-06 CVE-2025-21469 Improper Access Control vulnerability in Qualcomm products
Memory corruption while processing image encoding, when input buffer length is 0 in IOCTL call.
local
low complexity
qualcomm CWE-284
7.8
7.8
2025-05-06 CVE-2025-21470 Improper Access Control vulnerability in Qualcomm products
Memory corruption while processing image encoding, when configuration is NULL in IOCTL parameter.
local
low complexity
qualcomm CWE-284
7.8
7.8