Weaknesses of type CWE-284
4,367 resultsCVE-2021-36776HIGHSteve API proxy impersonationEPSS 1.1%CVE-2024-13107MEDIUMD-Link DIR-816 A2 ACL form2LocalAclEditcfg.cgi access controlEPSS 1.1%CVE-2021-40130MEDIUMCisco Common Services Platform Collector Improper Logging Restriction VulnerabilityEPSS 1.1%CVE-2020-3312MEDIUMCisco Firepower Threat Defense Software Information Disclosure VulnerabilityEPSS 1.1%CVE-2020-7578—A vulnerability has been identified in Camstar Enterprise Platform (All versions), Opcenter Execution Core (All versions < V8.2). AuthenticaEPSS 1.1%CVE-2017-6866—A vulnerability was discovered in Siemens XHQ server 4 and 5 (4 before V4.7.1.3 and 5 before V5.0.0.2) that could allow an authenticated lowEPSS 1.1%CVE-2020-12030CRITICALEmerson WirelessHART GatewayEPSS 1.1%CVE-2024-32418CRITICALAn issue in flusity CMS v2.33 allows a remote attacker to execute arbitrary code via the add_addon.php component.EPSS 1.1%CVE-2021-27444CRITICALWeintek EasyWeb cMT Improper Access ControlEPSS 1.1%CVE-2019-15589—An improper access control vulnerability exists in Gitlab <v12.3.2, <v12.2.6, <v12.1.12 which would allow a blocked user would be able to usEPSS 1.1%CVE-2025-29804HIGHVisual Studio Elevation of Privilege VulnerabilityEPSS 1.1%CVE-2024-43477HIGHMicrosoft Entra ID Elevation of Privilege VulnerabilityEPSS 1.0%CVE-2022-26346CRITICALA denial of service vulnerability exists in the ucloud_del_node functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafteEPSS 1.0%CVE-2015-9243—When server level, connection level or route level CORS configurations in hapi node module before 11.1.4 are combined and when a higher leveEPSS 1.0%CVE-2024-22187CRITICALA write-what-where vulnerability exists in the Programming Software Connection Remote Memory Diagnostics functionality of AutomationDirect PEPSS 1.0%CVE-2020-13677—Under some circumstances, the Drupal core JSON:API module does not properly restrict access to certain content, which may result in unintendEPSS 1.0%CVE-2017-15891—Improper access control vulnerability in SYNO.Cal.EventBase in Synology Calendar before 2.0.1-0242 allows remote authenticated users to modiEPSS 1.0%CVE-2023-21968LOWVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versionsEPSS 1.0%CVE-2020-8121—A bug in Nextcloud Server 14.0.4 could expose more data in reshared link shares than intended by the sharer.EPSS 1.0%CVE-2025-4904MEDIUMD-Link DI-7003GV2 webgl.data sub_41F0FC information disclosureEPSS 1.0%