Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-20324

Summary
Assigner-cisco
Assigner Org ID-d1c1063e-7a18-46af-9102-31f8928bc633
Published At-07 Jul, 2025 | 17:48
Updated At-08 Jul, 2025 | 13:36
Rejected At-
Credits

Improper Access Control in System Source Types Configuration in Splunk Enterprise

In Splunk Enterprise versions below 9.4.2, 9.3.5, 9.2.7, and 9.1.10 and Splunk Cloud Platform versions below 9.3.2411.104, 9.3.2408.113, and 9.2.2406.119, a low-privileged user that does not hold the "admin" or "power" Splunk roles could create or overwrite [system source type](https://help.splunk.com/en/splunk-enterprise/get-started/get-data-in/9.2/configure-source-types/create-source-types) configurations by sending a specially-crafted payload to the `/servicesNS/nobody/search/admin/sourcetypes/` REST endpoint on the Splunk management port.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:cisco
Assigner Org ID:d1c1063e-7a18-46af-9102-31f8928bc633
Published At:07 Jul, 2025 | 17:48
Updated At:08 Jul, 2025 | 13:36
Rejected At:
▼CVE Numbering Authority (CNA)
Improper Access Control in System Source Types Configuration in Splunk Enterprise

In Splunk Enterprise versions below 9.4.2, 9.3.5, 9.2.7, and 9.1.10 and Splunk Cloud Platform versions below 9.3.2411.104, 9.3.2408.113, and 9.2.2406.119, a low-privileged user that does not hold the "admin" or "power" Splunk roles could create or overwrite [system source type](https://help.splunk.com/en/splunk-enterprise/get-started/get-data-in/9.2/configure-source-types/create-source-types) configurations by sending a specially-crafted payload to the `/servicesNS/nobody/search/admin/sourcetypes/` REST endpoint on the Splunk management port.

Affected Products
Vendor
Splunk LLC (Cisco Systems, Inc.)Splunk
Product
Splunk Enterprise
Versions
Affected
  • From 9.4 before 9.4.2 (custom)
  • From 9.3 before 9.3.5 (custom)
  • From 9.2 before 9.2.7 (custom)
  • From 9.1 before 9.1.10 (custom)
Vendor
Splunk LLC (Cisco Systems, Inc.)Splunk
Product
Splunk Enterprise Cloud
Versions
Affected
  • From 9.3.2411 before 9.3.2411.104 (custom)
  • From 9.3.2408 before 9.3.2408.113 (custom)
  • From 9.2.2406 before 9.2.2406.119 (custom)
Problem Types
TypeCWE IDDescription
cweCWE-284The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Type: cwe
CWE ID: CWE-284
Description: The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Metrics
VersionBase scoreBase severityVector
3.15.4MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Version: 3.1
Base score: 5.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://advisory.splunk.com/advisories/SVD-2025-0707
N/A
Hyperlink: https://advisory.splunk.com/advisories/SVD-2025-0707
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@cisco.com
Published At:07 Jul, 2025 | 18:15
Updated At:21 Jul, 2025 | 20:43

In Splunk Enterprise versions below 9.4.2, 9.3.5, 9.2.7, and 9.1.10 and Splunk Cloud Platform versions below 9.3.2411.104, 9.3.2408.113, and 9.2.2406.119, a low-privileged user that does not hold the "admin" or "power" Splunk roles could create or overwrite [system source type](https://help.splunk.com/en/splunk-enterprise/get-started/get-data-in/9.2/configure-source-types/create-source-types) configurations by sending a specially-crafted payload to the `/servicesNS/nobody/search/admin/sourcetypes/` REST endpoint on the Splunk management port.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.15.4MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Type: Primary
Version: 3.1
Base score: 5.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
CPE Matches

Splunk LLC (Cisco Systems, Inc.)
splunk
>>splunk>>Versions from 9.1.0(inclusive) to 9.1.10(exclusive)
cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*
Splunk LLC (Cisco Systems, Inc.)
splunk
>>splunk>>Versions from 9.2.0(inclusive) to 9.2.7(exclusive)
cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*
Splunk LLC (Cisco Systems, Inc.)
splunk
>>splunk>>Versions from 9.3.0(inclusive) to 9.3.5(exclusive)
cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*
Splunk LLC (Cisco Systems, Inc.)
splunk
>>splunk>>Versions from 9.4.0(inclusive) to 9.4.2(exclusive)
cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*
Splunk LLC (Cisco Systems, Inc.)
splunk
>>splunk_cloud_platform>>Versions from 9.2.2406(inclusive) to 9.2.2406.119(exclusive)
cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*
Splunk LLC (Cisco Systems, Inc.)
splunk
>>splunk_cloud_platform>>Versions from 9.3.2408(inclusive) to 9.3.2408.113(exclusive)
cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*
Splunk LLC (Cisco Systems, Inc.)
splunk
>>splunk_cloud_platform>>Versions from 9.3.2411(inclusive) to 9.3.2411.104(exclusive)
cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-284Primarypsirt@cisco.com
CWE ID: CWE-284
Type: Primary
Source: psirt@cisco.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://advisory.splunk.com/advisories/SVD-2025-0707psirt@cisco.com
Vendor Advisory
Hyperlink: https://advisory.splunk.com/advisories/SVD-2025-0707
Source: psirt@cisco.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

64Records found

CVE-2026-20166
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.15% / 4.89%
||
7 Day CHG~0.00%
Published-11 Mar, 2026 | 16:18
Updated-24 Mar, 2026 | 19:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Sensitive Information Disclosure in Discover Splunk Observability Cloud app for Splunk Enterprise

In Splunk Enterprise versions below 10.2.1 and 10.0.4, and Splunk Cloud Platform versions below 10.2.2510.5, 10.1.2507.16, and 10.0.2503.12, a low-privileged user that does not hold the "admin" or "power" Splunk roles could retrieve the Observability Cloud API access token through the Discover Splunk Observability Cloud app due to improper access control. This vulnerability does not affect Splunk Enterprise versions below 9.4.9 and 9.3.10 because the Discover Splunk Observability Cloud app does not come with Splunk Enterprise.

Action-Not Available
Vendor-Splunk LLC (Cisco Systems, Inc.)
Product-splunksplunk_cloud_platformSplunk Cloud PlatformSplunk Enterprise
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2025-20366
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.41% / 32.86%
||
7 Day CHG+0.01%
Published-01 Oct, 2025 | 16:07
Updated-08 Oct, 2025 | 20:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Access Control in Background Job Submission in Splunk Enterprise

In Splunk Enterprise versions below 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.111, 9.3.2408.119, and 9.2.2406.122, a low-privileged user that does not hold the admin or power Splunk roles could access sensitive search results if Splunk Enterprise runs an administrative search job in the background. If the low privileged user guesses the search job’s unique Search ID (SID), the user could retrieve the results of that job, potentially exposing sensitive search results. For more information see https://help.splunk.com/en/splunk-enterprise/search/search-manual/10.0/manage-jobs/about-jobs-and-job-management and https://help.splunk.com/en/splunk-enterprise/search/search-manual/10.0/manage-jobs/manage-search-jobs.

Action-Not Available
Vendor-Splunk LLC (Cisco Systems, Inc.)
Product-splunk_cloud_platformsplunkSplunk EnterpriseSplunk Cloud Platform
CWE ID-CWE-284
Improper Access Control
CVE-2025-20229
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-8||HIGH
EPSS-13.99% / 96.10%
||
7 Day CHG+2.18%
Published-26 Mar, 2025 | 22:05
Updated-26 Feb, 2026 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Remote Code Execution through file upload to “$SPLUNK_HOME/var/run/splunk/apptemp“ directory in Splunk Enterprise

In Splunk Enterprise versions below 9.3.3, 9.2.5, and 9.1.8, and Splunk Cloud Platform versions below 9.3.2408.104, 9.2.2406.108, 9.2.2403.114, and 9.1.2312.208, a low-privileged user that does not hold the "admin" or "power" Splunk roles could perform a Remote Code Execution (RCE) through a file upload to the "$SPLUNK_HOME/var/run/splunk/apptemp" directory due to missing authorization checks.

Action-Not Available
Vendor-Splunk LLC (Cisco Systems, Inc.)
Product-splunksplunk_cloud_platformSplunk Cloud PlatformSplunk Enterprise
CWE ID-CWE-284
Improper Access Control
CVE-2025-20323
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.25% / 16.22%
||
7 Day CHG~0.00%
Published-07 Jul, 2025 | 17:48
Updated-21 Jul, 2025 | 20:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing Access Control of Saved Searches in the Splunk Archiver app

In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, a low-privileged user that does not hold the "admin" or "power" Splunk roles could turn off the scheduled search `Bucket Copy Trigger` within the Splunk Archiver application. This is because of missing access controls in the saved searches for this app.

Action-Not Available
Vendor-Splunk LLC (Cisco Systems, Inc.)
Product-splunkSplunk Enterprise
CWE ID-CWE-284
Improper Access Control
CVE-2025-20230
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.30% / 21.76%
||
7 Day CHG+0.02%
Published-26 Mar, 2025 | 22:24
Updated-01 Aug, 2025 | 18:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing Access Control and Incorrect Ownership of Data in App Key Value Store (KVStore) collections in the Splunk Secure Gateway App

In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8, and versions below 3.8.38 and 3.7.23 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could edit and delete other user data in App Key Value Store (KVStore) collections that the Splunk Secure Gateway app created. This is due to missing access control and incorrect ownership of the data in those KVStore collections.<br><br>In the affected versions, the `nobody` user owned the data in the KVStore collections. This meant that there was no specific owner assigned to the data in those collections.

Action-Not Available
Vendor-Splunk LLC (Cisco Systems, Inc.)
Product-splunksplunk_secure_gatewaySplunk Secure GatewaySplunk Enterprise
CWE ID-CWE-284
Improper Access Control
CVE-2022-32158
Matching Score-6
Assigner-Splunk Inc.
ShareView Details
Matching Score-6
Assigner-Splunk Inc.
CVSS Score-9||CRITICAL
EPSS-1.42% / 69.51%
||
7 Day CHG+0.03%
Published-15 Jun, 2022 | 16:50
Updated-17 Sep, 2024 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Splunk Enterprise deployment servers allow client publishing of forwarder bundles

Splunk Enterprise deployment servers in versions before 8.1.10.1, 8.2.6.1, and 9.0 let clients deploy forwarder bundles to other deployment clients through the deployment server. An attacker that compromised a Universal Forwarder endpoint could use the vulnerability to execute arbitrary code on all other Universal Forwarder endpoints subscribed to the deployment server.

Action-Not Available
Vendor-Splunk LLC (Cisco Systems, Inc.)
Product-splunkSplunk Enterprise
CWE ID-CWE-284
Improper Access Control
CVE-2024-45734
Matching Score-6
Assigner-Splunk Inc.
ShareView Details
Matching Score-6
Assigner-Splunk Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.35% / 26.86%
||
7 Day CHG~0.00%
Published-14 Oct, 2024 | 17:03
Updated-28 Feb, 2025 | 11:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Low Privilege User can View Images on the Host Machine by using the PDF Export feature in Splunk Classic Dashboard

In Splunk Enterprise versions 9.3.0, 9.2.3, and 9.1.6, a low-privileged user that does not hold the "admin" or "power" Splunk roles could view images on the machine that runs Splunk Enterprise by using the PDF export feature in Splunk classic dashboards. The images on the machine could be exposed by exporting the dashboard as a PDF, using the local image path in the img tag in the source extensible markup language (XML) code for the Splunk classic dashboard.

Action-Not Available
Vendor-Splunk LLC (Cisco Systems, Inc.)
Product-splunkSplunk Enterprisesplunk_enterprise
CWE ID-CWE-284
Improper Access Control
CVE-2024-45735
Matching Score-6
Assigner-Splunk Inc.
ShareView Details
Matching Score-6
Assigner-Splunk Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.35% / 26.86%
||
7 Day CHG~0.00%
Published-14 Oct, 2024 | 16:45
Updated-28 Feb, 2025 | 11:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Access Control for low-privileged user in Splunk Secure Gateway App

In Splunk Enterprise versions below 9.2.3 and 9.1.6, and Splunk Secure Gateway versions on Splunk Cloud Platform versions below 3.4.259, 3.6.17, and 3.7.0, a low-privileged user that does not hold the "admin" or "power" Splunk roles can see App Key Value Store (KV Store) deployment configuration and public/private keys in the Splunk Secure Gateway App.

Action-Not Available
Vendor-Splunk LLC (Cisco Systems, Inc.)
Product-splunksplunk_cloud_platformSplunk Secure GatewaySplunk Enterprisesplunk_enterprisesplunk_secure_gateway
CWE ID-CWE-284
Improper Access Control
CVE-2024-36989
Matching Score-6
Assigner-Splunk Inc.
ShareView Details
Matching Score-6
Assigner-Splunk Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.28% / 19.50%
||
7 Day CHG~0.00%
Published-01 Jul, 2024 | 16:30
Updated-28 Feb, 2025 | 11:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Low-privileged user could create notifications in Splunk Web Bulletin Messages

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200, a low-privileged user that does not hold the admin or power Splunk roles could create notifications in Splunk Web Bulletin Messages that all users on the instance receive.

Action-Not Available
Vendor-Splunk LLC (Cisco Systems, Inc.)
Product-cloudsplunkSplunk Cloud PlatformSplunk Enterprise
CWE ID-CWE-284
Improper Access Control
CVE-2024-23675
Matching Score-6
Assigner-Splunk Inc.
ShareView Details
Matching Score-6
Assigner-Splunk Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.37% / 29.31%
||
7 Day CHG~0.00%
Published-22 Jan, 2024 | 20:37
Updated-28 Feb, 2025 | 11:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Splunk App Key Value Store (KV Store) Improper Handling of Permissions Leads to KV Store Collection Deletion

In Splunk Enterprise versions below 9.0.8 and 9.1.3, Splunk app key value store (KV Store) improperly handles permissions for users that use the REST application programming interface (API). This can potentially result in the deletion of KV Store collections.

Action-Not Available
Vendor-Splunk LLC (Cisco Systems, Inc.)
Product-cloudsplunkSplunk CloudSplunk Enterprise
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-20203
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.15% / 4.76%
||
7 Day CHG~0.00%
Published-15 Apr, 2026 | 15:17
Updated-17 Apr, 2026 | 19:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Access Control in Data Model Acceleration in Splunk Enterprise

In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform versions below 10.4.2603.0, 10.3.2512.6, 10.2.2510.10, 10.1.2507.19, 10.0.2503.13, and 9.3.2411.127, a low-privileged user that does not hold the `admin` or `power` Splunk roles, has write permission on the app, and does not hold the high-privilege capability `accelerate_datamodel`, could turn on or off Data Model Acceleration due to improper access control.

Action-Not Available
Vendor-Splunk LLC (Cisco Systems, Inc.)
Product-splunksplunk_cloud_platformSplunk EnterpriseSplunk Cloud Platform
CWE ID-CWE-284
Improper Access Control
CVE-2026-20259
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.19% / 8.73%
||
7 Day CHG~0.00%
Published-10 Jun, 2026 | 17:16
Updated-12 Jun, 2026 | 19:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Access Control in Splunk Enterprise

In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below 10.4.2604.0, 10.3.2512.12, 10.2.2510.15, 10.1.2507.23, 10.0.2503.14, and 9.3.2411.131, a user who holds a Splunk role that contains the high-privilege capability `edit_saved_search_owner` could reassign saved search ownership to users outside their authorized scope. The ownership reassignment endpoint lacks access control.

Action-Not Available
Vendor-Splunk LLC (Cisco Systems, Inc.)
Product-splunksplunk_cloud_platformSplunk EnterpriseSplunk Cloud Platform
CWE ID-CWE-284
Improper Access Control
CVE-2026-9522
Matching Score-4
Assigner-Devolutions Inc.
ShareView Details
Matching Score-4
Assigner-Devolutions Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.14% / 3.54%
||
7 Day CHG~0.00%
Published-02 Jun, 2026 | 14:08
Updated-02 Jun, 2026 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control in the PAM account discovery feature in Devolutions Server 2026.1.19 and earlier allows an authenticated user without administrative privileges to delete network discovery scan configurations.

Action-Not Available
Vendor-Devolutions
Product-Server
CWE ID-CWE-284
Improper Access Control
CVE-2025-2499
Matching Score-4
Assigner-Devolutions Inc.
ShareView Details
Matching Score-4
Assigner-Devolutions Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.36% / 28.37%
||
7 Day CHG+0.02%
Published-26 Mar, 2025 | 17:14
Updated-02 Jul, 2025 | 17:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Client side access control bypass in the permission component in Devolutions Remote Desktop Manager on Windows. An authenticated user can exploit this flaw to bypass certain permission restrictions—specifically View Password, Edit Asset, and Edit Permissions by performing specific actions. This issue affects Remote Desktop Manager versions from 2025.1.24 through 2025.1.25, and all versions up to 2024.3.29.

Action-Not Available
Vendor-Devolutions
Product-remote_desktop_managerRemote Desktop Manager
CWE ID-CWE-284
Improper Access Control
CVE-2026-56823
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.15% / 4.56%
||
7 Day CHG~0.00%
Published-26 Jun, 2026 | 16:02
Updated-26 Jun, 2026 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
AutoGPT: IDOR in Webhook Ping Endpoint Allows Enumeration and Cross-User Ping Triggering

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to , the `POST /api/integrations/webhooks/{webhook_id}/ping` endpoint fetches the target webhook by primary key alone without verifying that the webhook belongs to the authenticated user. Any authenticated user can supply an arbitrary webhook_id to confirm webhook existence, leak the webhook's OAuth provider type, and in some cases trigger a ping delivery on behalf of another user. This vulnerability is fixed in .

Action-Not Available
Vendor-Significant-Gravitas
Product-AutoGPT
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2020-15079
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.4||MEDIUM
EPSS-0.58% / 43.43%
||
7 Day CHG~0.00%
Published-02 Jul, 2020 | 16:45
Updated-04 Aug, 2024 | 13:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper access control in PrestaShop

In PrestaShop from version 1.5.0.0 and before version 1.7.6.6, there is improper access control in Carrier page, Module Manager and Module Positions. The problem is fixed in version 1.7.6.6

Action-Not Available
Vendor-PrestaShop S.A
Product-prestashopPrestaShop
CWE ID-CWE-284
Improper Access Control
CVE-2025-1391
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.38% / 29.80%
||
7 Day CHG~0.00%
Published-17 Feb, 2025 | 14:01
Updated-06 May, 2026 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Keycloak-services: improper authorization in keycloak organization mapper allows unauthorized organization claims

A flaw was found in the Keycloak organization feature, which allows the incorrect assignment of an organization to a user if their username or email matches the organization’s domain pattern. This issue occurs at the mapper level, leading to misrepresentation in tokens. If an application relies on these claims for authorization, it may incorrectly assume a user belongs to an organization they are not a member of, potentially granting unauthorized access or privileges.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Build of KeycloakRed Hat build of Keycloak 26.0
CWE ID-CWE-284
Improper Access Control
CVE-2022-36923
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-7.93% / 94.02%
||
7 Day CHG~0.00%
Published-10 Aug, 2022 | 14:17
Updated-24 Sep, 2025 | 19:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, Firewall Analyzer, and OpUtils before 2022-07-27 through 2022-07-28 (125657, 126002, 126104, and 126118) allow unauthenticated attackers to obtain a user's API key, and then access external APIs.

Action-Not Available
Vendor-n/aZoho Corporation Pvt. Ltd.
Product-manageengine_opmanagermanageengine_opmanager_plusmanageengine_netflow_analyzermanageengine_opmanager_mspmanageengine_oputilsmanageengine_network_configuration_managermanageengine_firewall_analyzern/a
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CVE-2024-7424
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.4||MEDIUM
EPSS-0.32% / 23.96%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 07:33
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Page Generator Plugin – MPG <= 4.0.1 - Missing Authorization

The Multiple Page Generator Plugin – MPG plugin for WordPress is vulnerable to unauthorized modification of and access to data due to a missing capability check on several functions in all versions up to, and including, 4.0.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to invoke those functions intended for admin use resulting in subscribers being able to upload csv files and view the contents of MPG projects.

Action-Not Available
Vendor-Themeisle
Product-Multiple Page Generator Plugin – MPG
CWE ID-CWE-284
Improper Access Control
CVE-2022-3066
Matching Score-4
Assigner-GitLab Inc.
ShareView Details
Matching Score-4
Assigner-GitLab Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.52% / 40.09%
||
7 Day CHG~0.00%
Published-17 Oct, 2022 | 00:00
Updated-13 May, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue has been discovered in GitLab affecting all versions starting from 10.0 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. It was possible for an unauthorised user to create issues in a project.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-284
Improper Access Control
CVE-2022-28754
Matching Score-4
Assigner-Zoom Video Communications, Inc.
ShareView Details
Matching Score-4
Assigner-Zoom Video Communications, Inc.
CVSS Score-7.1||HIGH
EPSS-0.49% / 38.32%
||
7 Day CHG~0.00%
Published-11 Aug, 2022 | 14:55
Updated-16 Sep, 2024 | 18:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom On-Premise Deployments: Improper Access Control Vulnerability

Zoom On-Premise Meeting Connector MMR before version 4.8.129.20220714 contains an improper access control vulnerability. As a result, a malicious actor can join a meeting which they are authorized to join without appearing to the other participants, can admit themselves into the meeting from the waiting room, and can become host and cause other meeting disruptions.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-meeting_connectorZoom On-Premise Meeting Connector MMR
CWE ID-CWE-284
Improper Access Control
CVE-2022-28753
Matching Score-4
Assigner-Zoom Video Communications, Inc.
ShareView Details
Matching Score-4
Assigner-Zoom Video Communications, Inc.
CVSS Score-7.1||HIGH
EPSS-0.46% / 36.53%
||
7 Day CHG~0.00%
Published-11 Aug, 2022 | 14:55
Updated-16 Sep, 2024 | 16:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom On-Premise Deployments: Improper Access Control Vulnerability

Zoom On-Premise Meeting Connector MMR before version 4.8.129.20220714 contains an improper access control vulnerability. As a result, a malicious actor can join a meeting which they are authorized to join without appearing to the other participants, can admit themselves into the meeting from the waiting room, and can become host and cause other meeting disruptions.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-meeting_connectorZoom On-Premise Meeting Connector MMR
CWE ID-CWE-284
Improper Access Control
CVE-2024-45313
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.34% / 26.08%
||
7 Day CHG~0.00%
Published-02 Sep, 2024 | 16:54
Updated-25 Sep, 2024 | 18:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Insecure default setting for Server Pro installed via Overleaf toolkit

Overleaf is a web-based collaborative LaTeX editor. When installing Server Pro using the Overleaf Toolkit from before 2024-07-17 or legacy docker-compose.yml from before 2024-08-28, the configuration for LaTeX compiles was insecure by default, requiring the administrator to enable the security features via a configuration setting (`SIBLING_CONTAINERS_ENABLED` in Toolkit, `SANDBOXED_COMPILES` in legacy docker-compose/custom deployments). If these security features are not enabled then users have access to the `sharelatex` container resources (filesystem, network, environment variables) when running compiles, leading to multiple file access vulnerabilities, either directly or via symlinks created during compiles. The setting has now been changed to be secure by default for new installs in the Toolkit and legacy docker-compose deployment. The Overleaf Toolkit has been updated to set `SIBLING_CONTAINERS_ENABLED=true` by default for new installs. It is recommended that any existing installations using the previous default setting migrate to using sibling containers. Existing installations can set `SIBLING_CONTAINERS_ENABLED=true` in `config/overleaf.rc` as a mitigation. In legacy docker-compose/custom deployments `SANDBOXED_COMPILES=true` should be used.

Action-Not Available
Vendor-overleafoverleaf
Product-overleafoverleaf
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-1188
Initialization of a Resource with an Insecure Default
CVE-2024-41703
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.35% / 27.37%
||
7 Day CHG~0.00%
Published-22 Jul, 2024 | 00:00
Updated-23 Aug, 2024 | 21:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

LibreChat through 0.7.4-rc1 has incorrect access control for message updates.

Action-Not Available
Vendor-librechatn/alibrechat
Product-librechatn/alibrechat
CWE ID-CWE-284
Improper Access Control
CVE-2024-39837
Matching Score-4
Assigner-Mattermost, Inc.
ShareView Details
Matching Score-4
Assigner-Mattermost, Inc.
CVSS Score-3.8||LOW
EPSS-0.28% / 20.07%
||
7 Day CHG~0.00%
Published-01 Aug, 2024 | 14:05
Updated-04 Sep, 2024 | 17:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Malicious remote can create arbitrary channels

Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6 fail to properly restrict channel creation which allows a malicious remote to create arbitrary channels, when shared channels were enabled.

Action-Not Available
Vendor-Mattermost, Inc.
Product-mattermost_serverMattermost
CWE ID-CWE-284
Improper Access Control
CVE-2019-14902
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5.4||MEDIUM
EPSS-1.52% / 71.53%
||
7 Day CHG~0.00%
Published-21 Jan, 2020 | 00:00
Updated-05 Aug, 2024 | 00:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is an issue in all samba 4.11.x versions before 4.11.5, all samba 4.10.x versions before 4.10.12 and all samba 4.9.x versions before 4.9.18, where the removal of the right to create or modify a subtree would not automatically be taken away on all domain controllers.

Action-Not Available
Vendor-[UNKNOWN]Canonical Ltd.Debian GNU/LinuxopenSUSESamba
Product-ubuntu_linuxdebian_linuxsambaleapsamba
CWE ID-CWE-284
Improper Access Control
CVE-2025-61761
Matching Score-4
Assigner-Oracle
ShareView Details
Matching Score-4
Assigner-Oracle
CVSS Score-5.4||MEDIUM
EPSS-0.16% / 5.93%
||
7 Day CHG~0.00%
Published-21 Oct, 2025 | 20:03
Updated-29 Oct, 2025 | 17:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the PeopleSoft Enterprise FIN Maintenance Management product of Oracle PeopleSoft (component: Work Order Management). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FIN Maintenance Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise FIN Maintenance Management accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise FIN Maintenance Management accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-peoplesoft_enterprise_fin_maintenance_managementPeopleSoft Enterprise FIN Maintenance Management
CWE ID-CWE-284
Improper Access Control
CVE-2022-26308
Matching Score-4
Assigner-Pandora FMS
ShareView Details
Matching Score-4
Assigner-Pandora FMS
CVSS Score-3.7||LOW
EPSS-0.33% / 25.11%
||
7 Day CHG~0.00%
Published-01 Aug, 2022 | 12:44
Updated-17 Sep, 2024 | 02:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Access Control in Configuration (Credential store)

Pandora FMS v7.0NG.760 and below allows an improper access control in Configuration (Credential store) where a user with the role of Operator (Write) could create, delete, view existing keys which are outside the intended role.

Action-Not Available
Vendor-Pandora FMS S.L.U.
Product-pandora_fmsPandora FMS
CWE ID-CWE-284
Improper Access Control
CVE-2024-28968
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-5.4||MEDIUM
EPSS-0.35% / 26.88%
||
7 Day CHG~0.00%
Published-13 Jun, 2024 | 15:01
Updated-06 Aug, 2024 | 15:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for internal email and collection settings REST APIs (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain APIs applicable only for Admin Users on the application's backend database that could potentially allow an unauthorized user access to restricted resources and change of state.

Action-Not Available
Vendor-Dell Inc.
Product-secure_connect_gatewaySecure Connect Gateway-ApplicationSecure Connect Gateway-Appliancesecure_connect_gateway_applicationsecure_connect_gateway_appliance
CWE ID-CWE-284
Improper Access Control
CVE-2024-28967
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-5.4||MEDIUM
EPSS-0.35% / 26.88%
||
7 Day CHG~0.00%
Published-13 Jun, 2024 | 14:57
Updated-06 Aug, 2024 | 15:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal maintenance REST API (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain APIs applicable only for Admin Users on the application's backend database that could potentially allow an unauthorized user access to restricted resources and change of state.

Action-Not Available
Vendor-Dell Inc.
Product-secure_connect_gatewaySecure Connect Gateway-ApplicationSecure Connect Gateway-Appliancesecure_connect_gateway_applicationsecure_connect_gateway_appliance
CWE ID-CWE-284
Improper Access Control
CVE-2024-28966
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-5.4||MEDIUM
EPSS-0.35% / 26.88%
||
7 Day CHG~0.00%
Published-13 Jun, 2024 | 14:51
Updated-06 Aug, 2024 | 15:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal update REST API (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain APIs applicable only for Admin Users on the application's backend database that could potentially allow an unauthorized user access to restricted resources and change of state.

Action-Not Available
Vendor-Dell Inc.
Product-secure_connect_gatewaySecure Connect Gateway-ApplicationSecure Connect Gateway-Appliance
CWE ID-CWE-284
Improper Access Control
CVE-2024-28965
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-5.4||MEDIUM
EPSS-0.35% / 26.88%
||
7 Day CHG~0.00%
Published-13 Jun, 2024 | 14:47
Updated-06 Aug, 2024 | 15:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal enable REST API (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain Internal APIs applicable only for Admin Users on the application's backend database that could potentially allow an unauthorized user access to restricted resources and change of state.

Action-Not Available
Vendor-Dell Inc.
Product-secure_connect_gatewaySecure Connect Gateway-ApplicationSecure Connect Gateway-Appliance
CWE ID-CWE-284
Improper Access Control
CVE-2024-2731
Matching Score-4
Assigner-Switzerland National Cyber Security Centre (NCSC)
ShareView Details
Matching Score-4
Assigner-Switzerland National Cyber Security Centre (NCSC)
CVSS Score-5.4||MEDIUM
EPSS-0.38% / 29.47%
||
7 Day CHG~0.00%
Published-10 Apr, 2024 | 13:59
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Access Control Issues Lead to Sensitive Data Exposure in Mautic

Users with low privileges (all permissions deselected in the administrator permissions settings) can view certain pages that expose sensitive information such as company names, users' names and surnames, stage names, and monitoring campaigns and their descriptions. In addition, unprivileged users can see and edit the descriptions of tags. At the time of publication of the CVE no patch is available.

Action-Not Available
Vendor-Mauticacquia
Product-Mauticmautic
CWE ID-CWE-284
Improper Access Control
CVE-2022-1656
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.4||MEDIUM
EPSS-0.51% / 39.94%
||
7 Day CHG+0.01%
Published-13 Jun, 2022 | 12:41
Updated-13 Feb, 2025 | 20:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
JupiterX Theme <= 2.0.6 and JupiterX Core <= 2.0.6 - Authenticated Arbitrary Plugin Deactivation and Settings Modification

Vulnerable versions of the JupiterX Theme (<=2.0.6) allow any logged-in user, including subscriber-level users, to access any of the functions registered in lib/api/api/ajax.php, which also grant access to the jupiterx_api_ajax_ actions registered by the JupiterX Core Plugin (<=2.0.6). This includes the ability to deactivate arbitrary plugins as well as update the theme’s API key.

Action-Not Available
Vendor-artbeesArtBees
Product-jupiter_x_corejupiterxJupiter X CoreJupiter X
CWE ID-CWE-284
Improper Access Control
CVE-2023-50344
Matching Score-4
Assigner-HCL Software
ShareView Details
Matching Score-4
Assigner-HCL Software
CVSS Score-5.4||MEDIUM
EPSS-0.28% / 19.55%
||
7 Day CHG~0.00%
Published-03 Jan, 2024 | 02:25
Updated-18 Jun, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unauthenticated File Downloads affect DRYiCE MyXalytics

HCL DRYiCE MyXalytics is impacted by improper access control (Unauthenticated File Download) vulnerability. An unauthenticated user can download certain files.

Action-Not Available
Vendor-HCL Technologies Ltd.
Product-dryice_myxalyticsDRYiCE MyXalytics
CWE ID-CWE-284
Improper Access Control
CVE-2026-48928
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-4.2||MEDIUM
EPSS-0.26% / 16.92%
||
7 Day CHG+0.01%
Published-26 Jun, 2026 | 01:14
Updated-26 Jun, 2026 | 20:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A inconsistency in Node.js hostname matching can cause a trust-policy bypass in multi-context mTLS setups. This vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.

Action-Not Available
Vendor-Node.js (OpenJS Foundation)
Product-node.jsnode
CWE ID-CWE-284
Improper Access Control
CVE-2023-47325
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.42% / 33.91%
||
7 Day CHG~0.00%
Published-13 Dec, 2023 | 00:00
Updated-22 May, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Silverpeas Core 6.3.1 administrative "Bin" feature is affected by broken access control. A user with low privileges is able to navigate directly to the bin, revealing all deleted spaces. The user can then restore or permanently delete the spaces.

Action-Not Available
Vendor-silverpeasn/a
Product-silverpeasn/a
CWE ID-CWE-284
Improper Access Control
CVE-2026-44783
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.15% / 4.36%
||
7 Day CHG~0.00%
Published-12 Jun, 2026 | 20:23
Updated-17 Jun, 2026 | 18:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Discourse: Replying to a whisper lets non-whisperers create staff-only whisper posts

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, a flaw in how replies to whisper posts are handled allows authenticated users outside the groups configured in whispers_allowed_groups to post into a topic's staff-only whisper channel. The injected content is visible to whisperers (typically staff) alongside legitimate whispers. Only sites that have whispers enabled are affected. This issue has been patched in versions 2026.1.4, 2026.3.1, 2026.4.1, and 2026.5.0-latest.1.

Action-Not Available
Vendor-Civilized Discourse Construction Kit, Inc.
Product-discoursediscourse
CWE ID-CWE-284
Improper Access Control
CVE-2026-41243
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.9||MEDIUM
EPSS-0.18% / 7.42%
||
7 Day CHG~0.00%
Published-23 Apr, 2026 | 00:09
Updated-29 Apr, 2026 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenLearn's pending forum posts remain publicly readable by direct ID when moderation mode is enabled

OpenLearn is open-source educational forum software. Prior to commit 844b2a40a69d0c4911580fe501923f0b391313ab, when `safeMode` is enabled, unapproved forum posts are hidden from the public list, but the direct post-read procedure still returns the full post to anyone with the post UUID. Commit 844b2a40a69d0c4911580fe501923f0b391313ab fixes the issue.

Action-Not Available
Vendor-siemvksiemvk
Product-openlearnOpenLearn
CWE ID-CWE-284
Improper Access Control
CVE-2026-41487
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.18% / 7.90%
||
7 Day CHG~0.00%
Published-08 May, 2026 | 14:27
Updated-13 May, 2026 | 17:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Langfuse: Improper role-based-access control in Langfuse LLM connection management allowed users of role “member” to retrieve stored LLM provider API keys

Langfuse is an open source large language model engineering platform. From version 3.68.0 to before version 3.167.0, there is a role-based-access control flaw in the LLM connection update flow. An authenticated, low-privileged user of role “member” in a project could request the update of an existing LLM connection to an attacker-controlled baseUrl, causing Langfuse to reuse the stored provider secret and redirect the test request to an attacker-controlled endpoint. This could expose the plaintext provider LLM API key for that connection. The attack is only possible if a user is already part of a project and has “member” scoped access. This issue has been patched in version 3.167.0.

Action-Not Available
Vendor-langfuselangfuse
Product-langfuselangfuse
CWE ID-CWE-284
Improper Access Control
CVE-2023-3304
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-5.9||MEDIUM
EPSS-0.41% / 33.42%
||
7 Day CHG~0.00%
Published-23 Jun, 2023 | 00:00
Updated-07 Nov, 2024 | 19:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Access Control in admidio/admidio

Improper Access Control in GitHub repository admidio/admidio prior to 4.2.9.

Action-Not Available
Vendor-Admidio
Product-admidioadmidio/admidioadmidio
CWE ID-CWE-284
Improper Access Control
CVE-2023-32238
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.17% / 6.25%
||
7 Day CHG~0.00%
Published-29 Dec, 2025 | 23:18
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress TheGem theme < 5.8.1.1 - Broken Access Control vulnerability

Vulnerability in CodexThemes TheGem (Elementor), CodexThemes TheGem (WPBakery).This issue affects TheGem (Elementor): from n/a before 5.8.1.1; TheGem (WPBakery): from n/a before 5.8.1.1.

Action-Not Available
Vendor-CodexThemes
Product-TheGem (WPBakery)TheGem (Elementor)
CWE ID-CWE-284
Improper Access Control
CVE-2026-39346
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.15% / 4.84%
||
7 Day CHG~0.00%
Published-07 Apr, 2026 | 18:19
Updated-09 Apr, 2026 | 18:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OrangeHRM has Improper Access Control Allowing Access to Disabled Modules via URL Encoding

OrangeHRM is a comprehensive human resource management (HRM) system. From 5.0 to 5.8, OrangeHRM Open Source allowed authenticated users to bypass disabled-module access controls via URL-encoded request paths and access functionality of modules disabled by an administrator. This vulnerability is fixed in 5.8.1.

Action-Not Available
Vendor-orangehrmorangehrm
Product-orangehrmorangehrm
CWE ID-CWE-284
Improper Access Control
CVE-2023-2944
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-6.3||MEDIUM
EPSS-0.45% / 35.83%
||
7 Day CHG~0.00%
Published-27 May, 2023 | 00:00
Updated-14 Jan, 2025 | 18:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Access Control in openemr/openemr

Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1.

Action-Not Available
Vendor-OpenEMR Foundation, Inc
Product-openemropenemr/openemr
CWE ID-CWE-284
Improper Access Control
CVE-2022-0727
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-5.4||MEDIUM
EPSS-0.67% / 47.35%
||
7 Day CHG~0.00%
Published-23 Feb, 2022 | 13:20
Updated-02 Aug, 2024 | 23:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Access Control in chocobozzz/peertube

Improper Access Control in GitHub repository chocobozzz/peertube prior to 4.1.0.

Action-Not Available
Vendor-framasoftchocobozzz
Product-peertubechocobozzz/peertube
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-28218
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.15% / 4.62%
||
7 Day CHG~0.00%
Published-26 Feb, 2026 | 21:23
Updated-02 Mar, 2026 | 21:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Discourse's Fail-Open Access Control in Data Explorer Plugin Allows Unauthorized SQL Query Execution

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, fail-open access control in Data Explorer plugin allows any authenticated user to execute SQL queries that have no explicit group assignments, including built-in system queries. Versions 2025.12.2, 2026.1.1, and 2026.2.0 patch the issue. As a workaround, either explicitly set group permissions on each Data Explorer query that doesn't have permissions, or disable discourse-data-explorer plugin.

Action-Not Available
Vendor-Civilized Discourse Construction Kit, Inc.
Product-discoursediscourse
CWE ID-CWE-284
Improper Access Control
CVE-2023-41882
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.40% / 32.00%
||
7 Day CHG~0.00%
Published-11 Oct, 2023 | 19:48
Updated-17 Sep, 2024 | 14:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
vantage6 Improper Access Control vulnerability

vantage6 is privacy preserving federated learning infrastructure. The endpoint /api/collaboration/{id}/task is used to collect all tasks from a certain collaboration. To get such tasks, a user should have permission to view the collaboration and to view the tasks in it. However, prior to version 4.0.0, it is only checked if the user has permission to view the collaboration. Version 4.0.0 contains a patch. There are no known workarounds.

Action-Not Available
Vendor-vantage6vantage6
Product-vantage6vantage6
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-863
Incorrect Authorization
CVE-2023-7055
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-0.47% / 37.08%
||
7 Day CHG~0.00%
Published-22 Dec, 2023 | 02:31
Updated-02 Aug, 2024 | 08:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Online Notes Sharing System Contact Information profile.php access control

A vulnerability classified as problematic has been found in PHPGurukul Online Notes Sharing System 1.0. Affected is an unknown function of the file /user/profile.php of the component Contact Information Handler. The manipulation of the argument mobilenumber leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-248742 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-PHPGurukul LLP
Product-online_notes_sharing_systemOnline Notes Sharing System
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2026-23496
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.27% / 17.86%
||
7 Day CHG~0.00%
Published-15 Jan, 2026 | 16:58
Updated-30 Jan, 2026 | 19:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Pimcore Web2Print Tools Bundle "Favourite Output Channel Configuration" Missing Function Level Authorization

Pimcore Web2Print Tools Bundle adds tools for web-to-print use cases to Pimcore. Prior to 5.2.2 and 6.1.1, the application fails to enforce proper server-side authorization checks on the API endpoint responsible for managing "Favourite Output Channel Configurations." Testing revealed that an authenticated backend user without explicitely lacking permissions for this feature was still able to successfully invoke the endpoint and modify or retrieve these configurations. This vulnerability is fixed in 5.2.2 and 6.1.1.

Action-Not Available
Vendor-Pimcore
Product-web2print_toolspimcore
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-863
Incorrect Authorization
CVE-2025-65963
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.16% / 5.28%
||
7 Day CHG~0.00%
Published-25 Nov, 2025 | 23:38
Updated-01 Dec, 2025 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CFiles Unauthorized Folder/ZIP Access in Public Spaces

Files is a module for managing files inside spaces and user profiles. Prior to versions 0.16.11 and 0.17.2, insufficient authorization checks allow non-member users to create new folders, up- and download files as a ZIP archive in public spaces. Private spaces are not affected. This issue has been patched in versions 0.16.11 and 0.17.2.

Action-Not Available
Vendor-humhub
Product-cfiles
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-285
Improper Authorization
  • Previous
  • 1
  • 2
  • Next
Details not found