CVE Daily
← All tags

Tag: Security Misconfiguration

All CVEs associated with "Security Misconfiguration". Page 2/2 • 184 CVEs.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2025-06-10
Medium

CVE-2025-22256

A improper handling of insufficient permissions or privileges in Fortinet FortiPAM 1.4.0 through 1.4.1, 1.3.0, 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiSRA 1.4.0 through 1.4.1 allows att…

CVSS: 6.3 CWE: CWE-280
Read more
2025-06-06
Medium

CVE-2025-30974

Missing Authorization vulnerability in Akhtarujjaman Shuvo Post Grid Master allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Post Grid Master: from n/a thro…

CVSS: 4.3 CWE: CWE-862
Read more
2025-06-05
Medium

CVE-2025-48133

Missing Authorization vulnerability in Uncanny Owl Uncanny Automator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Uncanny Automator: from n/a through 6.4…

CVSS: 6.5 CWE: CWE-862
Read more
2025-06-04
Medium

CVE-2025-20259

Multiple vulnerabilities in the update process of Cisco ThousandEyes Endpoint Agent for Windows could allow an authenticated, local attacker to delete arbitrary files on an affected device. These…

CVSS: 5.3 CWE: CWE-22
Read more
2025-05-15
Medium

CVE-2025-47580

Missing Authorization vulnerability in Rustaurius Front End Users allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Front End Users: from n/a through 3.2.32.

CVSS: 5.4 CWE: CWE-862
Read more
2025-05-13
Critical

CVE-2025-43564

ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. A high-privileged attacker could lev…

CVSS: 9.1 CWE: CWE-863
Read more
Critical

CVE-2025-43563

ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. A high-privileged attacker could lev…

CVSS: 9.1 CWE: CWE-284
Read more
2025-05-07
Medium

CVE-2025-20213

A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an af…

CVSS: 5.5 CWE: CWE-78
Read more
2025-05-03
Medium

CVE-2025-1495

IBM Business Automation Workflow 24.0.0 and 24.0.1 through 24.0.1 IF001 Center may leak sensitive information due to missing authorization validation.

CVSS: 4.3 CWE: CWE-306
Read more
2025-04-09
Medium

CVE-2025-26901

Missing Authorization vulnerability in Brizy Brizy Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Brizy Pro: from n/a through 2.6.1.

CVSS: 4.3 CWE: CWE-862
Read more
2025-04-08
Critical

CVE-2025-30281

ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary code execution. A high-privileged attacker could lever…

CVSS: 9.1 CWE: CWE-284
Read more
2025-03-27
High

CVE-2025-2242

An improper access control vulnerability in GitLab CE/EE affecting all versions from 17.4 prior to 17.8.6, 17.9 prior to 17.9.3, and 17.10 prior to 17.10.1 allows a user who was an instance admin bef…

CVSS: 7.5 CWE: CWE-863
Read more
2025-03-26
Medium

CVE-2025-20230

In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8, and versions below 3.8.38 and 3.7.23 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not…

CVSS: 4.3 CWE: CWE-284
Read more
Low

CVE-2025-20233

In the Splunk App for Lookup File Editing versions below 4.0.5, a script in the app used the `chmod` and `makedirs` Python functions in a way that resulted in overly broad read and execute permission…

CVSS: 2.5 CWE: CWE-732
Read more
High

CVE-2025-20229

In Splunk Enterprise versions below 9.3.3, 9.2.5, and 9.1.8, and Splunk Cloud Platform versions below 9.3.2408.104, 9.2.2406.108, 9.2.2403.114, and 9.1.2312.208, a low-privileged user that does not…

CVSS: 8.0 CWE: CWE-284
Read more
2025-03-20
Medium

CVE-2025-2553

A vulnerability was found in D-Link DIR-618 and DIR-605L 2.02/3.02. It has been rated as problematic. This issue affects some unknown processing of the file /goform/formVirtualServ. The manipulation…

CVSS: 4.3 CWE: CWE-266
Read more
Medium

CVE-2025-2552

A vulnerability was found in D-Link DIR-618 and DIR-605L 2.02/3.02. It has been declared as problematic. This vulnerability affects unknown code of the file /goform/formTcpipSetup. The manipulation l…

CVSS: 4.3 CWE: CWE-266
Read more
Medium

CVE-2025-2551

A vulnerability was found in D-Link DIR-618 and DIR-605L 2.02/3.02. It has been classified as problematic. This affects an unknown part of the file /goform/formSetPortTr. The manipulation leads to im…

CVSS: 4.3 CWE: CWE-266
Read more
Medium

CVE-2025-2550

A vulnerability was found in D-Link DIR-618 and DIR-605L 2.02/3.02 and classified as problematic. Affected by this issue is some unknown functionality of the file /goform/formSetDDNS of the component…

CVSS: 4.3 CWE: CWE-266
Read more
Medium

CVE-2025-2549

A vulnerability has been found in D-Link DIR-618 and DIR-605L 2.02/3.02 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /goform/formSetPassword.…

CVSS: 4.3 CWE: CWE-266
Read more
Medium

CVE-2025-2548

A vulnerability, which was classified as problematic, was found in D-Link DIR-618 and DIR-605L 2.02/3.02. Affected is an unknown function of the file /goform/formSetDomainFilter. The manipulation lea…

CVSS: 4.3 CWE: CWE-266
Read more
Medium

CVE-2025-2547

A vulnerability, which was classified as problematic, has been found in D-Link DIR-618 and DIR-605L 2.02/3.02. This issue affects some unknown processing of the file /goform/formAdvNetwork. The manip…

CVSS: 4.3 CWE: CWE-266
Read more
Medium

CVE-2025-2546

A vulnerability classified as problematic was found in D-Link DIR-618 and DIR-605L 2.02/3.02. This vulnerability affects unknown code of the file /goform/formAdvFirewall of the component Firewall Ser…

CVSS: 4.3 CWE: CWE-266
Read more
High

CVE-2024-8024

A CORS misconfiguration vulnerability exists in netease-youdao/qanything version 1.4.1. This vulnerability allows an attacker to bypass the Same-Origin Policy, potentially leading to sensitive inform…

CVSS: 7.5 CWE: CWE-346
Read more
Medium

CVE-2024-7046

An improper access control vulnerability in open-webui/open-webui v0.3.8 allows an attacker to view admin details. The application does not verify whether the attacker is an administrator, allowing t…

CVSS: 4.3 CWE: CWE-475
Read more
Medium

CVE-2024-7045

In version v0.3.8 of open-webui/open-webui, improper access control vulnerabilities allow an attacker to view any prompts. The application does not verify whether the attacker is an administrator, al…

CVSS: 4.3 CWE: CWE-1100
Read more
High

CVE-2024-7043

An improper access control vulnerability in open-webui/open-webui v0.3.8 allows attackers to view and delete any files. The application does not verify whether the attacker is an administrator, allow…

CVSS: 8.8 CWE: CWE-821
Read more
Medium

CVE-2024-7040

In version v0.3.8 of open-webui/open-webui, there is an improper access control vulnerability. On the frontend admin page, administrators are intended to view only the chats of non-admin members. How…

CVSS: 4.9 CWE: CWE-284
Read more
Medium

CVE-2024-11167

An improper access control vulnerability in danny-avila/librechat versions prior to 0.7.6 allows authenticated users to delete other users' prompts via the groupid parameter. This issue occurs becaus…

CVSS: 5.3 CWE: CWE-639
Read more
Medium

CVE-2024-10366

An improper access control vulnerability (IDOR) exists in the delete attachments functionality of danny-avila/librechat version v0.7.5-rc2. The endpoint does not verify whether the provided attachmen…

CVSS: 6.5 CWE: CWE-639
Read more
2025-03-18
Critical

CVE-2023-47539

An improper access control vulnerability in FortiMail version 7.4.0 configured with RADIUS authentication and remote_wildcard enabled may allow a remote unauthenticated attacker to bypass admin login…

CVSS: 9.8 CWE: CWE-284
Read more
2025-03-17
Medium

CVE-2021-32584

An improper access control (CWE-284) vulnerability in FortiWLC version 8.6.0, version 8.5.3 and below, version 8.4.8 and below, version 8.3.3 and below, version 8.2.7 to 8.2.4, version 8.1.3 may allo…

CVSS: 5.3 CWE: CWE-284
Read more
2025-03-12
Medium

CVE-2024-13870

An improper access control vulnerability exists in Bitdefender Box 1 (firmware version 1.3.52.928 and below) that allows an unauthenticated attacker to downgrade the device's firmware to an older, po…

CVSS: 5.7 CWE: CWE-1328
Read more
2025-03-09
Medium

CVE-2025-2121

A vulnerability classified as critical has been found in Thinkware Car Dashcam F800 Pro up to 20250226. Affected is an unknown function of the component File Storage. The manipulation leads to improp…

CVSS: 6.3 CWE: CWE-266
Read more
2025-03-06
Medium

CVE-2025-20924

Improper access control in Samsung Notes prior to version 4.4.26.71 allows physical attackers to access data across multiple user profiles.

CVSS: 4.6 CWE: N/A
Read more
2025-02-11
Medium

CVE-2024-40586

An Improper Access Control vulnerability [CWE-284] in FortiClient Windows version 7.4.0, version 7.2.6 and below, version 7.0.13 and below may allow a local user to escalate his privileges via FortiS…

CVSS: 6.7 CWE: CWE-284
Read more
2025-02-08
Medium

CVE-2024-54176

IBM DevOps Deploy 8.0 through 8.0.1.4, 8.1 through 8.1.0.0 and IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14 and 7.3 through 7.3.2 could allow an authent…

CVSS: 4.3 CWE: CWE-306
Read more
2025-02-04
Medium

CVE-2025-20894

Improper access control in Samsung Email prior to version 6.1.97.1 allows physical attackers to access data across multiple user profiles.

CVSS: 4.6 CWE: N/A
Read more
2025-01-20
Medium

CVE-2024-22348

IBM DevOps Velocity 5.0.0 and IBM UrbanCode Velocity 4.0.0 through 4.0. 25 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensiti…

CVSS: 5.3 CWE: CWE-942
Read more
2025-01-07
Medium

CVE-2024-56276

Missing Authorization vulnerability in WPForms Contact Form by WPForms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form by WPForms: from n/a thr…

CVSS: 4.3 CWE: CWE-862
Read more
2024-12-30
High

CVE-2024-13030

A vulnerability was found in D-Link DIR-823G 1.0.2B05_20181207. It has been rated as critical. This issue affects the function SetAutoRebootSettings/SetClientInfo/SetDMZSettings/SetFirewallSettings/S…

CVSS: 7.3 CWE: CWE-266
Read more
2024-12-13
Medium

CVE-2024-12553

GeoVision GV-ASManager Missing Authorization Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of GeoVision…

CVSS: 6.5 CWE: CWE-862
Read more
2024-12-09
Medium

CVE-2023-49756

Missing Authorization vulnerability in Themewinter Eventin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Eventin: from n/a through 3.3.52.

CVSS: 5.4 CWE: CWE-862
Read more
2024-11-27
Medium

CVE-2024-21703

This Medium severity Security Misconfiguration vulnerability was introduced in version 8.8.1 of Confluence Data Center and Server for Windows installations. This Security Misconfiguration vulnerab…

CVSS: 6.4 CWE: CWE-732
Read more
2024-11-19
Medium

CVE-2024-52359

IBM Concert Software 1.0.0, 1.0.1, 1.0.2, and 1.0.2.1 could allow an authenticated user to perform unauthorized actions that should be reserved to administrator used due to improper access controls.

CVSS: 4.3 CWE: CWE-286
Read more
2024-11-15
Medium

CVE-2023-20093

Three vulnerabilities in the CLI of Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device. These…

CVSS: 4.4 CWE: CWE-61
Read more
Medium

CVE-2023-20092

Three vulnerabilities in the CLI of Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device. These…

CVSS: 4.4 CWE: CWE-61
Read more
Medium

CVE-2023-20091

A vulnerability in the CLI of Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device. This vulner…

CVSS: 5.1 CWE: CWE-61
Read more
Medium

CVE-2023-20090

A vulnerability in Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to elevate privileges to root on an affected device. This vulnerability is due to improper access c…

CVSS: 6.7 CWE: CWE-27
Read more
Medium

CVE-2023-20004

Three vulnerabilities in the CLI of Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device. These…

CVSS: 4.4 CWE: CWE-59
Read more
2024-11-01
Medium

CVE-2024-43223

Missing Authorization vulnerability in EventPrime Events EventPrime allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EventPrime: from n/a through 4.0.3.2.

CVSS: 4.3 CWE: CWE-862
Read more
High

CVE-2024-37470

Missing Authorization vulnerability in WofficeIO Woffice Core allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Woffice Core: from n/a through 5.4.8.

CVSS: 8.2 CWE: CWE-862
Read more
Medium

CVE-2024-37119

Missing Authorization vulnerability in Uncanny Owl Uncanny Automator Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Uncanny Automator Pro: from n/a thr…

CVSS: 5.3 CWE: CWE-862
Read more
2024-10-22
High

CVE-2024-48903

An improper access control vulnerability in Trend Micro Deep Security Agent 20 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first ob…

CVSS: 7.8 CWE: CWE-269
Read more
2024-08-28
Medium

CVE-2024-20279

A vulnerability in the restricted security domain implementation of Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, remote attacker to modify the behavior of d…

CVSS: 4.3 CWE: CWE-284
Read more
2024-07-11
High

CVE-2024-39546

A Missing Authorization vulnerability in the Socket Intercept (SI) command file interface of Juniper Networks Junos OS Evolved allows an authenticated, low-privilege local attacker to modify certain…

CVSS: 7.3 CWE: CWE-862
Read more
2024-07-09
High

CVE-2024-5549

A CORS misconfiguration in the stitionai/devika repository allows attackers to steal sensitive information such as logs, browser sessions, and settings containing private API keys from other services…

CVSS: 8.1 CWE: CWE-346
Read more
2024-06-14
Medium

CVE-2024-37312

user_oidc app is an OpenID Connect user backend for Nextcloud. Missing access control on the ID4me endpoint allows an attacker to register an account eventually getting access to data that is availab…

CVSS: 6.3 CWE: CWE-284
Read more
2024-04-10
High

CVE-2024-2217

gaizhenbiao/chuanhuchatgpt is vulnerable to improper access control, allowing unauthorized access to the `config.json` file. This vulnerability is present in both authenticated and unauthenticated ve…

CVSS: 7.5 CWE: CWE-284
Read more
2024-03-28
Critical

CVE-2024-29241

Missing authorization vulnerability in System webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain non-sensitive information…

CVSS: 9.9 CWE: CWE-862
Read more
Medium

CVE-2024-29240

Missing authorization vulnerability in LayoutSave webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to conduct limited denial-of-se…

CVSS: 4.3 CWE: CWE-862
Read more
2023-11-15
High

CVE-2023-31100

Improper Access Control in SMI handler vulnerability in Phoenix SecureCore™ Technology™ 4 allows SPI flash modification. This issue affects SecureCore™ Technology™ 4: * from 4.3.0.0 before 4.3.0…

CVSS: 8.4 CWE: CWE-284
Read more
2021-10-06
Medium

CVE-2021-34782

A vulnerability in the API endpoints for Cisco DNA Center could allow an authenticated, remote attacker to gain access to sensitive information that should be restricted. The attacker must have valid…

CVSS: 4.3 CWE: CWE-202
Read more
2021-05-25
Critical

CVE-2021-30190

CODESYS V2 Web-Server before 1.1.9.20 has Improper Access Control.

CVSS: 9.8 CWE: CWE-306
Read more