Vulnerabilities > Improper Access Control

DATE CVE VULNERABILITY TITLE RISK
2024-03-13 CVE-2024-2412 The disabling function of the user registration page for Heimavista Rpage and Epage is not properly implemented, allowing remote attackers to complete user registration on sites where user registration is supposed to be disabled.
network
low complexity
CWE-284
5.3
2024-03-12 CVE-2023-36554 Improper Access Control vulnerability in Fortinet Fortimanager
A improper access control in Fortinet FortiManager version 7.4.0, version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.10, version 6.4.0 through 6.4.13, 6.2 all versions allows attacker to execute unauthorized code or commands via specially crafted HTTP requests.
network
low complexity
fortinet CWE-284
critical
9.8
2024-02-05 CVE-2024-22202 Improper Access Control vulnerability in PHPmyfaq
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases.
network
low complexity
phpmyfaq CWE-284
6.5
2024-02-02 CVE-2023-38263 Improper Access Control vulnerability in IBM Soar Qradar Plugin APP
IBM SOAR QRadar Plugin App 1.0 through 5.0.3 could allow an authenticated user to perform unauthorized actions due to improper access controls.
network
low complexity
ibm CWE-284
8.8
2024-02-02 CVE-2023-32333 Improper Access Control vulnerability in IBM Maximo Asset Management 7.6.1.3
IBM Maximo Asset Management 7.6.1.3 could allow a remote attacker to log into the admin panel due to improper access controls.
network
low complexity
ibm CWE-284
critical
9.8
2024-01-19 CVE-2024-0712 Improper Access Control vulnerability in Byzoro Smart S150 Firmware 31R02B15
A vulnerability was found in Beijing Baichuo Smart S150 Management Platform V31R02B15.
network
low complexity
byzoro CWE-284
critical
9.8
2024-01-17 CVE-2024-0642 Improper Access Control vulnerability in Cires21 Live Encoder 5.3
Inadequate access control in the C21 Live Encoder and Live Mosaic product, version 5.3.
network
low complexity
cires21 CWE-284
critical
9.8
2024-01-16 CVE-2024-22407 Improper Access Control vulnerability in Shopware
Shopware is an open headless commerce platform.
network
low complexity
shopware CWE-284
6.5
2024-01-13 CVE-2024-22209 Improper Access Control vulnerability in EDX Edx-Platform
Open edX Platform is a service-oriented platform for authoring and delivering online learning.
network
low complexity
edx CWE-284
8.8
2024-01-12 CVE-2023-49098 Improper Access Control vulnerability in Discourse Reactions 0.1/0.2
Discourse-reactions is a plugin that allows user to add their reactions to the post.
network
low complexity
discourse CWE-284
3.5