VYPR

CWE-284

Improper Access Control

PillarIncomplete

Description

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-19 · CAPEC-441 · CAPEC-478 · CAPEC-479 · CAPEC-502 · CAPEC-503 · CAPEC-536 · CAPEC-546 · CAPEC-550 · CAPEC-551 · CAPEC-552 · CAPEC-556 · CAPEC-558 · CAPEC-562 · CAPEC-563 · CAPEC-564 · CAPEC-578

CVEs mapped to this weakness (2,700)

page 41 of 135
  • CVE-2026-11474HigJun 8, 2026
    risk 0.47cvss 7.3epss 0.00

    A security flaw has been discovered in Kushan2k student-management-system up to f16a4ceaddd6729c4b306ed4641cda3176c1ef2a. Affected is an unknown function of the file service/RegisterService.php of the component Registration Endpoint. Performing a manipulation of the argument…

  • CVE-2026-11344HigJun 5, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was found in code-projects Vehicle Management System 1.0. This impacts an unknown function of the file newdriver.php of the component New Driver Registration Form. Performing a manipulation of the argument photo results in unrestricted upload. The attack may be…

  • CVE-2026-9562HigMay 26, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability has been found in sambitraj STUDENT-MANAGEMENT-SYSTEM up to 56ba287f2e9031523ccb4244cb6e3fe530e4e5d5. The affected element is an unknown function of the component Dashboard. Such manipulation leads to improper access controls. The attack may be launched remotely.…

  • CVE-2026-9517HigMay 26, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was determined in hemant6488 CodeIgniter-StudentManagementSystem. The affected element is an unknown function of the file /index.php/students/addStudentView of the component Student Management Handler. Executing a manipulation can lead to improper access…

  • CVE-2026-9421HigMay 25, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was determined in KLiK SocialMediaWebsite 1.0. This vulnerability affects the function uniqid of the file upload.inc.php of the component File Handler. This manipulation causes unrestricted upload. The attack can be initiated remotely. The exploit has been…

  • CVE-2026-39250HigMay 19, 2026
    risk 0.47cvss 7.3epss 0.00

    An authorization vulnerability exists in Innoshop 0.6.0. After logging into the frontend, an attacker can directly access backend application interfaces, leading to further dangerous operations.

  • CVE-2026-8758HigMay 17, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was determined in Metasoft 美特软件 MetaCRM up to 6.4.0 Beta06. This impacts an unknown function of the file /common/jsp/upload3.jsp. Executing a manipulation of the argument File can lead to unrestricted upload. The attack may be launched remotely. The…

  • CVE-2026-7733HigMay 4, 2026
    risk 0.47cvss 7.3epss 0.00

    A flaw has been found in funadmin up to 7.1.0-rc6. This affects the function UploadService::chunkUpload of the file app/common/service/UploadService.php of the component Frontend Chunked Upload Endpoint. This manipulation of the argument File causes unrestricted upload. The…

  • CVE-2026-7711HigMay 4, 2026
    risk 0.47cvss 7.3epss 0.00

    A weakness has been identified in MindsDB up to 26.01. This impacts the function exec of the file mindsdb/integrations/handlers/byom_handler/proc_wrapper.py of the component Engine Handler. Executing a manipulation can lead to unrestricted upload. The attack can be executed…

  • CVE-2026-7468HigApr 30, 2026
    risk 0.47cvss 7.3epss 0.00

    A security vulnerability has been detected in 1024-lab smart-admin up to 3.30.0. This affects an unknown function of the file /smart-admin-api/druid/index.html of the component Demo Site. The manipulation leads to improper access controls. The attack may be initiated remotely.…

  • CVE-2026-34292HigApr 21, 2026
    risk 0.47cvss 7.2epss 0.00

    Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise…

  • CVE-2026-6602HigApr 20, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was found in rickxy Hospital Management System up to 88a4290d957dc5bdde8a56e5ad451ad14f7f90f4. Affected is an unknown function of the file /backend/admin/his_admin_account.php. The manipulation of the argument ad_dpic results in unrestricted upload. The attack…

  • CVE-2026-1078HigApr 7, 2026
    risk 0.47cvss epss 0.00

    An arbitrary file-write vulnerability in Pega Browser Extension (PBE) affects Pega Robotic Automation version 22.1 or R25 users who are running automations that work with Google Chrome or Microsoft Edge. A bad actor could create a website that includes malicious code. The…

  • CVE-2026-5573HigApr 5, 2026
    risk 0.47cvss 7.3epss 0.01

    A weakness has been identified in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30. This impacts an unknown function of the file /fs. Executing a manipulation of the argument cwd can lead to unrestricted upload. The attack can be launched remotely. The exploit has been made…

  • CVE-2026-5569HigApr 5, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was found in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30. Impacted is an unknown function of the file /Technostrobe/ of the component Endpoint. The manipulation results in improper access controls. The attack may be performed from remote. The exploit has been…

  • CVE-2026-5526HigApr 4, 2026
    risk 0.47cvss 7.3epss 0.00

    A security flaw has been discovered in Tenda 4G03 Pro up to 1.0/1.1/04.03.01.53/192.168.0.1. Affected by this vulnerability is an unknown functionality of the file /bin/httpd. The manipulation results in improper access controls. The attack may be performed from remote. The…

  • CVE-2026-5261HigApr 1, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was identified in Shandong Hoteam InforCenter PLM up to 8.3.8. The impacted element is the function uploadFileToIIS of the file /Base/BaseHandler.ashx. The manipulation of the argument File leads to unrestricted upload. It is possible to initiate the attack…

  • CVE-2026-5001HigMar 28, 2026
    risk 0.47cvss 7.3epss 0.00

    A flaw has been found in PromtEngineer localGPT up to 4d41c7d1713b16b216d8e062e51a5dd88b20b054. The affected element is the function do_POST of the file backend/server.py. This manipulation causes unrestricted upload. The attack is possible to be carried out remotely. The…

  • CVE-2026-4536HigMar 22, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was found in Acrel Environmental Monitoring Cloud Platform 1.1.0. This issue affects some unknown processing. Performing a manipulation results in unrestricted upload. The attack may be initiated remotely. The exploit has been made public and could be used. The…

  • CVE-2026-4221HigMar 16, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was found in Tiandy Easy7 Integrated Management Platform 7.17.0. This affects an unknown part of the file /rest/file/uploadLedImage of the component Endpoint. The manipulation of the argument File results in unrestricted upload. The attack may be launched…