Vulnerabilities > Improper Access Control
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-12 | CVE-2024-29082 | Improper Access Control vulnerability in Vonets products Improper access control vulnerability affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enables an unauthenticated remote attacker to bypass authentication and factory reset the device via unprotected goform endpoints. | 8.6 |
| 2023-04-15 | CVE-2023-2104 | Improper Access Control vulnerability in Easyappointments Improper Access Control in GitHub repository alextselegidis/easyappointments prior to 1.5.0. | 5.4 |
| 2020-10-28 | CVE-2020-16261 | Improper Access Control vulnerability in Winstonprivacy Winston Firmware 1.5.4 Winston 1.5.4 devices allow a U-Boot interrupt, resulting in local root access. | 6.8 |
| 2019-08-30 | CVE-2018-15513 | Improper Access Control vulnerability in Totemo Totemomail 6.0.0 Log viewer in totemomail 6.0.0 build 570 allows access to sessionIDs of high privileged users by leveraging access to a read-only auditor role. | 5.3 |
| 2019-08-29 | CVE-2018-21007 | Improper Access Control vulnerability in Wisetr User Email Verification for Woocommerce The woo-confirmation-email plugin before 3.2.0 for WordPress has no blocking of direct access to supportive xl folders inside uploads. | 9.8 |
| 2019-08-22 | CVE-2015-9337 | Improper Access Control vulnerability in Cozmoslabs Profile Builder The profile-builder plugin before 2.1.4 for WordPress has no access control for activating or deactivating addons via AJAX. | 7.5 |
| 2019-08-16 | CVE-2017-18543 | Improper Access Control vulnerability in Invite Anyone Project Invite Anyone The invite-anyone plugin before 1.3.16 for WordPress has incorrect access control for email-based invitations. | 9.8 |
| 2019-08-08 | CVE-2018-20957 | Improper Access Control vulnerability in Tapplock One+ Firmware The Bluetooth Low Energy (BLE) subsystem on Tapplock devices before 2018-06-12 allows replay attacks. | 8.8 |
| 2019-08-07 | CVE-2016-10802 | Improper Access Control vulnerability in Cpanel cPanel before 58.0.4 allows code execution in the context of other user accounts through the PHP CGI handler (SEC-142). | 8.8 |
| 2019-08-07 | CVE-2016-10799 | Improper Access Control vulnerability in Cpanel cPanel before 58.0.4 does not set the Pear tmp directory during a PHP installation (SEC-137). | 5.5 |