CWE-284 (访问控制不恰当) — Vulnerability Class 2041

2041 vulnerabilities classified as CWE-284 (访问控制不恰当). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2025-53111	GLPI exposes data to non-allowed users — glpi	6.5	Medium	2025-07-30
CVE-2025-27724	MedDream PACS Premium 访问控制错误漏洞 — MedDream PACS Premium	9.3	Critical	2025-07-28
CVE-2025-6741	Devolutions Server 访问控制错误漏洞 — Server	6.5	-	2025-07-22
CVE-2024-32124	Fortinet FortiIsolator 访问控制错误漏洞 — FortiIsolator	4.0	Medium	2025-07-18
CVE-2025-7576	Teledyne FLIR FB-Series O/FLIR FH-Series ID Production Tools production.html access control — FLIR FB-Series O	7.3	High	2025-07-14
CVE-2025-7552	Dromara Northstar Path AuthorizationInterceptor.java preHandle access control — Northstar	6.3	Medium	2025-07-13
CVE-2025-52963	Junos OS: A low-privileged user can disable an interface — Junos OS	5.5	Medium	2025-07-11
CVE-2025-23048	Apache HTTP Server: mod_ssl access control bypass with session resumption — Apache HTTP Server	8.1^AI	High^AI	2025-07-10
CVE-2025-49546	ColdFusion \| Improper Access Control (CWE-284) — ColdFusion	2.4	Low	2025-07-08
CVE-2025-47993	Microsoft PC Manager Elevation of Privilege Vulnerability — Windows 11 Version 24H2	7.8	High	2025-07-08
CVE-2025-23365	Siemens TIA Administrator 访问控制错误漏洞 — TIA Administrator	7.8	High	2025-07-08
CVE-2025-20323	Missing Access Control of Saved Searches in the Splunk Archiver app — Splunk Enterprise	4.3	Medium	2025-07-07
CVE-2025-20324	Improper Access Control in System Source Types Configuration in Splunk Enterprise — Splunk Enterprise	5.4	Medium	2025-07-07
CVE-2025-7076	BlackVue Dashcam 590X Configuration upload.cgi access control — Dashcam 590X	5.4	Medium	2025-07-06
CVE-2025-6786	DocCheck Login <= 1.1.5 - Unauthorized Post Access — DocCheck Login	5.3	Medium	2025-07-04
CVE-2025-53501	Content Access Bypass in Scribunto — Mediawiki - Scribunto Extension	6.5^AI	Medium^AI	2025-07-03
CVE-2025-27153	Escalade GLPI Plugin Vulnerable to Improper Access Control — escalade	6.5	Medium	2025-07-01
CVE-2023-28907	A lack of access restrictions on internal memory regions — Volkswagen MIB3 infotainment system MIB3 OI MQB	6.7	Medium	2025-06-28
CVE-2023-29113	A lack of access control in custom IPC mechanism — Volkswagen MIB3 infotainment system MIB3 OI MQB	6.3	Medium	2025-06-28
CVE-2025-6443	Mikrotik RouterOS VXLAN Source IP Improper Access Control Vulnerability — RouterOS	9.8^AI	Critical^AI	2025-06-25
CVE-2025-6532	NOYAFA/Xiami LF9 Pro RTSP Live Video Stream Endpoint access control — LF9 Pro	4.3	Medium	2025-06-24
CVE-2025-6531	SIFUSM/MZZYG BD S1 RTSP Live Video Stream Endpoint access control — BD S1	4.3	Medium	2025-06-23
CVE-2025-6527	70mai M300 Web Server access control — M300	3.1	Low	2025-06-23
CVE-2025-31698	Apache Traffic Server: Client IP address from PROXY protocol is not used for ACL — Apache Traffic Server	-	-^AI	2025-06-19
CVE-2025-49591	CryptPad 2FA Bypass Vulnerability — cryptpad	9.8^AI	Critical^AI	2025-06-18
CVE-2025-49154	Trend Micro Apex One和Trend Micro Worry-Free Business Security Services 安全漏洞 — Trend Micro Apex One	8.7	High	2025-06-17
CVE-2025-27689	Dell iDRAC 访问控制错误漏洞 — iDRAC Tools	7.8	High	2025-06-12
CVE-2025-46889	Adobe Experience Manager \| Improper Access Control (CWE-284) — Adobe Experience Manager	5.4	Medium	2025-06-10
CVE-2025-33073	Windows SMB Client Elevation of Privilege Vulnerability — Windows 10 Version 1507	8.8	High	2025-06-10
CVE-2025-33056	Windows Local Security Authority (LSA) Denial of Service Vulnerability — Windows 10 Version 1507	7.5	High	2025-06-10

Vulnerabilities classified as CWE-284 (访问控制不恰当) represent 2041 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-284 (访问控制不恰当) — Vulnerability Class 2041