Weaknesses of type CWE-284
4,457 resultsCVE-2025-65096MEDIUMRomM Insecure Direct Object Reference (IDOR) Allows Unauthorized Access to Private CollectionsEPSS 0.2%CVE-2022-29871MEDIUMImproper access control in the Intel(R) CSME software installer before version 2239.3.7.0 may allow an authenticated user to potentially enaEPSS 0.2%CVE-2023-39432MEDIUMImproper access control element in some Intel(R) Ethernet tools and driver install software, before versions 28.2, may allow an authenticateEPSS 0.2%CVE-2023-22311MEDIUMImproper access control in some Intel(R) Optane(TM) PMem 100 Series Management Software before version 01.00.00.3547 may allow an authenticaEPSS 0.2%CVE-2022-36789HIGHImproper access control in BIOS firmware for some Intel(R) NUC 10 Performance Kits and Intel(R) NUC 10 Performance Mini PCs before version FEPSS 0.2%CVE-2023-25496HIGHA privilege escalation vulnerability was reported in Lenovo Drivers Management Lenovo Driver Manager that could allow a local user to executEPSS 0.2%CVE-2022-38786MEDIUMImproper access control in some Intel Battery Life Diagnostic Tool software before version 2.2.1 may allow an authenticated user to potentiaEPSS 0.2%CVE-2024-41934MEDIUMImproper access control in some Intel(R) GPA software before version 2024.3 may allow an authenticated user to potentially enable denial of EPSS 0.2%CVE-2023-32238MEDIUMWordPress TheGem theme < 5.8.1.1 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2023-31271MEDIUMImproper access control in some Intel(R) VROC software before version 8.0.8.1001 may allow an authenticated user to potentially enable escalEPSS 0.2%CVE-2023-25174MEDIUMImproper access control in some Intel(R) Chipset Driver Software before version 10.1.19444.8378 may allow an authenticated user to potentialEPSS 0.2%CVE-2025-50108MEDIUMVulnerability in the Oracle Hyperion Financial Reporting product of Oracle Hyperion (component: Workspace). The supported version that is EPSS 0.2%CVE-2022-39889MEDIUMImproper access control vulnerability in GalaxyWatch4Plugin prior to versions 2.2.11.22101351 and 2.2.12.22101351 allows attackers to accessEPSS 0.2%CVE-2026-41847MEDIUMSpring Framework Security Filter Bypass in WebFlux Kotlin Router DSLEPSS 0.2%CVE-2025-64746MEDIUMDirectus has Improper Permission Handling on Deleted FieldsEPSS 0.2%CVE-2026-11026MEDIUMInappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malEPSS 0.2%CVE-2023-31019HIGHCVEEPSS 0.2%CVE-2025-60982MEDIUMIDOR vulnerability in Educare ERP 1.0 (2025-04-22) allows unauthorized access to sensitive data via manipulated object references. Affected EPSS 0.2%CVE-2023-28396MEDIUMImproper access control in firmware for some Intel(R) Thunderbol(TM) Controllers versions before 41 may allow a privileged user to enable deEPSS 0.2%CVE-2022-41261MEDIUMSAP Solution Manager (Diagnostic Agent) - version 7.20, allows an authenticated attacker on Windows system to access a file containing sensiEPSS 0.2%