Vulnerabilities > Improper Access Control

DATE CVE VULNERABILITY TITLE RISK
2024-08-23 CVE-2024-43477 Improper access control in Decentralized Identity Services resulted in a vulnerability that allows an unauthenticated attacker to disable Verifiable ID's on another tenant.
network
low complexity
CWE-284
7.5
2024-08-20 CVE-2024-38175 An improper access control vulnerability in the Azure Managed Instance for Apache Cassandra allows an authenticated attacker to elevate privileges over a network.
network
low complexity
CWE-284
critical
9.6
2024-08-14 CVE-2024-38163 Windows Update Stack Elevation of Privilege Vulnerability
local
low complexity
CWE-284
7.8
2024-08-12 CVE-2024-29082 Improper Access Control vulnerability in Vonets products
Improper access control vulnerability affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enables an unauthenticated remote attacker to bypass authentication and factory reset the device via unprotected goform endpoints.
network
low complexity
vonets CWE-284
8.6
2020-10-28 CVE-2020-16261 Improper Access Control vulnerability in Winstonprivacy Winston Firmware 1.5.4
Winston 1.5.4 devices allow a U-Boot interrupt, resulting in local root access.
low complexity
winstonprivacy CWE-284
6.8
2019-08-30 CVE-2018-15513 Improper Access Control vulnerability in Totemo Totemomail 6.0.0
Log viewer in totemomail 6.0.0 build 570 allows access to sessionIDs of high privileged users by leveraging access to a read-only auditor role.
network
low complexity
totemo CWE-284
5.3
2019-08-29 CVE-2018-21007 Improper Access Control vulnerability in Wisetr User Email Verification for Woocommerce
The woo-confirmation-email plugin before 3.2.0 for WordPress has no blocking of direct access to supportive xl folders inside uploads.
network
low complexity
wisetr CWE-284
critical
9.8
2019-08-22 CVE-2015-9337 Improper Access Control vulnerability in Cozmoslabs Profile Builder
The profile-builder plugin before 2.1.4 for WordPress has no access control for activating or deactivating addons via AJAX.
network
low complexity
cozmoslabs CWE-284
7.5
2019-08-16 CVE-2017-18543 Improper Access Control vulnerability in Invite Anyone Project Invite Anyone
The invite-anyone plugin before 1.3.16 for WordPress has incorrect access control for email-based invitations.
network
low complexity
invite-anyone-project CWE-284
critical
9.8
2019-08-08 CVE-2018-20957 Improper Access Control vulnerability in Tapplock One+ Firmware
The Bluetooth Low Energy (BLE) subsystem on Tapplock devices before 2018-06-12 allows replay attacks.
low complexity
tapplock CWE-284
8.8