Vulnerabilities > Improper Access Control
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-08-23 | CVE-2024-43477 | Improper access control in Decentralized Identity Services resulted in a vulnerability that allows an unauthenticated attacker to disable Verifiable IDs on another tenant. | 7.5 |
2024-08-20 | CVE-2024-38175 | An improper access control vulnerability in the Azure Managed Instance for Apache Cassandra allows an authenticated attacker to elevate privileges over a network. | 9.6 |
2024-08-14 | CVE-2024-38163 | Windows Update Stack Elevation of Privilege Vulnerability | 7.8 |
2024-08-12 | CVE-2024-29082 | Improper Access Control vulnerability in Vonets products: Improper access control vulnerability affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enables an unauthenticated remote attacker to bypass authentication and factory reset the device via unprotected goform endpoints. | 8.6 |
2020-10-28 | CVE-2020-16261 | Improper Access Control vulnerability in Winstonprivacy Winston Firmware 1.5.4: Winston 1.5.4 devices allow a U-Boot interrupt, resulting in local root access. | 6.8 |
2019-08-30 | CVE-2018-15513 | Improper Access Control vulnerability in Totemo Totemomail 6.0.0: Log viewer in totemomail 6.0.0 build 570 allows access to sessionIDs of high privileged users by leveraging access to a read-only auditor role. | 5.3 |
2019-08-29 | CVE-2018-21007 | Improper Access Control vulnerability in Wisetr User Email Verification for Woocommerce: The woo-confirmation-email plugin before 3.2.0 for WordPress has no blocking of direct access to supportive xl folders inside uploads. | 9.8 |
2019-08-22 | CVE-2015-9337 | Improper Access Control vulnerability in Cozmoslabs Profile Builder: The profile-builder plugin before 2.1.4 for WordPress has no access control for activating or deactivating addons via AJAX. | 7.5 |
2019-08-16 | CVE-2017-18543 | Improper Access Control vulnerability in Invite Anyone Project Invite Anyone: The invite-anyone plugin before 1.3.16 for WordPress has incorrect access control for email-based invitations. | 9.8 |
2019-08-08 | CVE-2018-20957 | Improper Access Control vulnerability in Tapplock One+ Firmware: The Bluetooth Low Energy (BLE) subsystem on Tapplock devices before 2018-06-12 allows replay attacks. | 8.8 |