All CosmicBytez Labs articles tagged #Access Control, across news, security advisories, how-to guides, and projects.
A critical access control vulnerability in OpENer 2.3.0 allows unauthenticated attackers to send privileged encapsulation commands using arbitrary session handles, bypassing session ownership validation. CVSS 9.1.
A high-severity improper privilege management flaw in SourceCodester's Online Examination and Learning Management System 1.0 allows remote attackers to...
The original shadow AI concern — employees pasting sensitive data into public tools — has been overtaken by a more dangerous problem: unsanctioned AI apps...
A security researcher discovered that FIFA's unenforced Microsoft Entra access controls could have allowed an attacker to hijack live World Cup broadcast...
HaPe PKH 1.1, a PHP-based web application, fails to enforce authorization on its record deletion endpoints, allowing unauthenticated attackers to...
A critical CVSS 9.1 access control flaw in the WP Travel Pro WordPress plugin allows unauthenticated attackers to delete any user account — including...
A CVSS 10.0 improper access control flaw in UniFi OS allows any network-accessible attacker to make unauthorized changes to the underlying system with no...
A critical improper access control flaw in Azure Managed Instance for Apache Cassandra allows an authorized network attacker to execute arbitrary code,...
A critical privilege escalation vulnerability in Microsoft Partner Center allows an authorized attacker to elevate their privileges over a network,...
A critical improper access control vulnerability in EspoCRM's built-in formula scripting engine allows authenticated administrators to overwrite the...
A critical insecure direct object reference vulnerability allows authenticated users to pivot to any other user's profile by modifying an id parameter in...