VYPR

CWE-284

Improper Access Control

Pillar · Incomplete

Description

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-19 · CAPEC-441 · CAPEC-478 · CAPEC-479 · CAPEC-502 · CAPEC-503 · CAPEC-536 · CAPEC-546 · CAPEC-550 · CAPEC-551 · CAPEC-552 · CAPEC-556 · CAPEC-558 · CAPEC-562 · CAPEC-563 · CAPEC-564 · CAPEC-578

CVEs mapped to this weakness (2,700)

page 24 of 135
  • CVE-2026-40569 · Critical · Apr 21, 2026
    risk 0.52 · cvss 9.0 · epss 0.00

    FreeScout is a free self-hosted help desk and shared mailbox. Versions prior to 1.8.213 have a mass assignment vulnerability in the mailbox connection settings endpoints of FreeScout (`connectionIncomingSave()` at `app/Http/Controllers/MailboxesController.php:468` and…

  • CVE-2026-34456 · Critical · Apr 1, 2026
    risk 0.52 · cvss 9.1 · epss 0.00

    Reviactyl is an open-source game server management panel built using Laravel, React, FilamentPHP, Vite, and Go. From version 26.2.0-beta.1 to before version 26.2.0-beta.5, a vulnerability in the OAuth authentication flow allowed automatic linking of social accounts based solely…

  • CVE-2025-7016 · High · Jan 29, 2026
    risk 0.52 · cvss 8.0 · epss 0.00

    Improper Access Control vulnerability in Akın Software Computer Import Export Industry and Trade Ltd. QR Menu allows Authentication Abuse. This issue affects QR Menu: before s1.05.12.

  • CVE-2025-48860 · High · Aug 14, 2025
    risk 0.52 · cvss 8.0 · epss 0.00

    A vulnerability in the web application of the ctrlX OS setup mechanism facilitated an authenticated (low privileged) attacker to gain remote access to backup archives created by a user with elevated permissions. Depending on the content of the backup archive, the attacker may…

  • CVE-2023-38296 · High · Apr 22, 2024
    risk 0.52 · cvss 8.0 · epss 0.00

    Various software builds for the following TCL 30Z and TCL A3X devices leak the ICCID to a system property that can be accessed by any local app on the device without any permissions or special privileges. Google restricted third-party apps from directly obtaining non-resettable…

  • CVE-2016-7248 · High · Nov 10, 2016
    risk 0.52 · cvss 7.8 · epss 0.22

    Microsoft Video Control in Microsoft Windows Vista SP2, Windows 7 SP1, Windows 8.1, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows remote attackers to execute arbitrary code via a crafted file, aka "Microsoft Video Control Remote Code Execution Vulnerability."

  • CVE-2016-0142 · High · Oct 14, 2016
    risk 0.52 · cvss 7.8 · epss 0.20

    Video Control in Microsoft Windows Vista SP2, Windows 7 SP1, Windows 8.1, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows remote attackers to execute arbitrary code via a crafted web page, aka "Microsoft Video Control Remote Code Execution Vulnerability."

  • CVE-2016-0182 · High · May 11, 2016
    risk 0.52 · cvss 7.8 · epss 0.20

    Windows Journal in Microsoft Windows Vista SP2, Windows 7 SP1, Windows 8.1, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted Journal (aka .jnt) file, aka "Windows Journal Memory Corruption Vulnerability."

  • CVE-2016-0153 · High · Apr 12, 2016
    risk 0.52 · cvss 7.8 · epss 0.21

    OLE in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT 8.1 allows remote attackers to execute arbitrary code via a crafted file, aka "Windows OLE Remote Code Execution Vulnerability."

  • CVE-2012-6435 · High · Jan 24, 2013
    risk 0.52 · cvss 7.5 · epss 0.42

    When an affected product receives a valid CIP message from an unauthorized or unintended source to Port 2222/TCP, Port 2222/UDP, Port 44818/TCP, or Port 44818/UDP that instructs the CPU to stop logic execution and enter a fault state, a DoS can occur. This situation could cause…

  • CVE-2026-49161 · High · Jun 9, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    Improper access control in Microsoft PC Manager allows an authorized attacker to bypass a security feature locally.

  • CVE-2026-48578 · High · Jun 9, 2026
    risk 0.51 · cvss 7.9 · epss 0.00

    Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.

  • CVE-2026-45658 · High · Jun 9, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.

  • CVE-2026-45654 · High · Jun 9, 2026
    risk 0.51 · cvss 7.9 · epss 0.00

    Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.

  • CVE-2026-42829 · High · Jun 9, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    Improper access control in Windows Administrator Protection allows an authorized attacker to bypass a security feature locally.

  • CVE-2026-41092 · High · Jun 9, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    Improper access control in Microsoft Kinect allows an authorized attacker to elevate privileges locally.

  • CVE-2026-40715 · High · Jun 2, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    Dell ThinOS 10, versions prior to ThinOS10 2602_10.0765, contain an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Privilege Escalation.

  • CVE-2025-22426 · High · Jun 1, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    In many functions of ComputerEngine.java, there is a possible way to access URIs across users due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2026-0856 · High · May 20, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    Improper Access Control vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component enables a normal user gaining access to the admin panel. This issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server Component:…

  • CVE-2026-40381 · High · May 12, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally.