Weaknesses of type CWE-284
4,356 resultsCVE-2024-0411MEDIUMDeShang DSMall HTTP GET Request install.php access controlEPSS 2.2%CVE-2019-1660MEDIUMCisco TelePresence Management Suite Simple Object Access Protocol VulnerabilityEPSS 2.2%CVE-2019-1666MEDIUMCisco HyperFlex Unauthenticated Statistics Retrieval VulnerabilityEPSS 2.2%CVE-2019-3927—Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 anyone can change the administrator and moderator passwords via the iEPSS 2.2%CVE-2025-59517HIGHWindows Storage VSP Driver Elevation of Privilege VulnerabilityEPSS 2.2%CVE-2019-7611—A permission issue was found in Elasticsearch versions before 5.6.15 and 6.6.1 when Field Level Security and Document Level Security are disEPSS 2.1%CVE-2019-3936—Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 is vulnerable to denial of service via a crafted request to TCP port EPSS 2.1%CVE-2023-28531—ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected vEPSS 2.1%CVE-2025-28367MEDIUMmojoPortal <=2.9.0.1 is vulnerable to Directory Traversal via BetterImageGallery API Controller - ImageHandler Action. An attacker can exploEPSS 2.1%CVE-2025-29810HIGHActive Directory Domain Services Elevation of Privilege VulnerabilityEPSS 2.1%CVE-2021-24219—All Thrive Themes and Plugins - Unauthenticated Option UpdateEPSS 2.1%CVE-2019-11780HIGHImproper access control in the computed fields system of the framework of Odoo Community 13.0 and Odoo Enterprise 13.0 allows remote authentEPSS 2.1%CVE-2020-8207—Improper access control in Citrix Workspace app for Windows 1912 CU1 and 2006.1 causes privilege escalation and code execution when the autoEPSS 2.1%CVE-2021-36036HIGHMagento Commerce Media Gallery Upload Improper Access Control Could Lead To Remote Code ExecutionEPSS 2.1%CVE-2026-21262HIGHSQL Server Elevation of Privilege VulnerabilityEPSS 2.0%CVE-2021-35221MEDIUMImportAlert Improper Access Control Tampering VulnerabilityEPSS 2.0%CVE-2024-8805HIGHBlueZ HID over GATT Profile Improper Access Control Remote Code Execution VulnerabilityEPSS 2.0%CVE-2025-23243MEDIUMNVIDIA Riva contains a vulnerability where a user could cause an improper access control issue. A successful exploit of this vulnerability mEPSS 2.0%CVE-2020-25654—An ACL bypass flaw was found in pacemaker. An attacker having a local account on the cluster and in the haclient group could use IPC communiEPSS 2.0%CVE-2020-7545—A CWE-284:Improper Access Control vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security EPSS 2.0%