CWE-284

Authorization vulnerability in pgAdmin 4 server mode affecting Server Groups, Servers, Shared Servers, Background Processes, and Debugger modules.…

Due to not validating the organization context when executing adaptive authentication flows, the WSO2 Identity Server allows adaptive…

phpVMS is a PHP application to run and simulate an airline. Prior to version 7.0.6, a critical vulnerability…

There is an Access Control Vulnerability in some HikCentral Professional versions. This could allow an unauthenticated user to…

Avo is a framework to create admin panels for Ruby on Rails apps. Prior to version 3.31.2, a…

Langfuse is an open source large language model engineering platform. From version 3.68.0 to before version 3.167.0, there…

Netgate pfSense CE 2.8.0 allows code execution in the XMLRPC API via pfsense.exec_php. NOTE: the Supplier disputes this…

UltraDAG is a minimal DAG-BFT blockchain in Rust. Prior to commit fb6ef59, the UltraDAG StateEngine implementation of SmartTransferTx…

Nuclei is a vulnerability scanner built on a simple YAML-based DSL. From version 3.0.0 to before version 3.8.0,…

Improper access control in Azure AI Foundry M365 published agents allows an unauthorized attacker to elevate privileges over…

Improper access control in Azure Managed Instance for Apache Cassandra allows an authorized attacker to execute code over…

Insecure Permissions vulnerability in grokability snipe-it v.8.4.0 and before and fixed after 2026-03-10 commit 676a9958 allows a remote…

An Improper Access Control in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to invoke…

An Improper Access Control vulnerability in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote authenticated…

A vulnerability in the web-based management interface of Cisco IoT Field Network Director could allow an authenticated, remote…

Bitcoin Core through 28.x has a security issue, the details of which are not disclosed. The earliest affected…

Nginx UI is a web user interface for the Nginx web server. In version 2.3.5, an unauthenticated bootstrap…

IKUS Rdiffweb before 2.10.5 has an improper authorization flaw that allows an attacker with any valid or stolen…

A flaw has been found in funadmin up to 7.1.0-rc6. This affects the function UploadService::chunkUpload of the file…

A vulnerability was detected in code-projects BloodBank Managing System 1.0. The impacted element is an unknown function of…

A weakness has been identified in MindsDB up to 26.01. This impacts the function exec of the file…

A vulnerability was found in Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform 1.3.0. This impacts…

A vulnerability was detected in crmeb_java up to 1.3.4. This vulnerability affects unknown code of the file crmeb/crmeb-service/src/main/java/com/zbkj/service/service/impl/UploadServiceImpl.java…

AGL app-framework-binder (afb-daemon) through v19.90.0 allows any local process to execute privileged supervision commands (Exit, Do, Sclose, Config,…

A weakness has been identified in MacCMS Pro up to 2022.1.3. This vulnerability affects the function install of…