Weaknesses of type CWE-284
4,370 results

| CVE | Severity | Description | EPSS |
|---|---|---|---|
| CVE-2023-23923 | — | Moodle: possible to set the preferred "start page" of other users | 1.0% |
| CVE-2023-22250 | MEDIUM | Adobe Commerce Improper Access Control Security feature bypass | 1.0% |
| CVE-2018-16466 | — | Improper revalidation of permissions in Nextcloud Server prior to 14.0.0, 13.0.6 and 12.0.11 lead to not accepting access restrictions by ac | 1.0% |
| CVE-2023-36644 | HIGH | Incorrect Access Control in ITB-GmbH TradePro v9.5, allows remote attackers to receive all order confirmations from the online shop via the | 1.0% |
| CVE-2024-2481 | MEDIUM | Surya2Developer Hostel Management System manage-students.php access control | 1.0% |
| CVE-2019-6144 | — | This vulnerability allows a normal (non-admin) user to disable the Forcepoint One Endpoint (versions 19.04 through 19.08) and bypass DLP and | 1.0% |
| CVE-2022-32789 | MEDIUM | A logic issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.5. An app may be able to bypass Privacy preferenc | 0.9% |
| CVE-2023-48239 | HIGH | Nextcloud Server users can make external storage mount points inaccessible for other users | 0.9% |
| CVE-2023-25821 | MEDIUM | Nextcloud download permissions can be changed by resharer | 0.9% |
| CVE-2024-0795 | HIGH | Create user API role not enforced | 0.9% |
| CVE-2021-23233 | HIGH | Fresenius Kabi Agilia Connect Infusion System | 0.9% |
| CVE-2022-4703 | MEDIUM | Royal Elementor Addons <= 1.3.59 - Insufficient Access Control to Import Deletion | 0.9% |
| CVE-2024-26203 | HIGH | Azure Data Studio Elevation of Privilege Vulnerability | 0.9% |
| CVE-2025-4468 | MEDIUM | SourceCodester Online Student Clearance System edit-photo.php unrestricted upload | 0.9% |
| CVE-2023-37478 | HIGH | pnpm incorrectly parses tar archives relative to specification | 0.9% |
| CVE-2022-2631 | CRITICAL | Improper Access Control in tooljet/tooljet | 0.9% |
| CVE-2021-28798 | HIGH | Relative Path Traversal Vulnerability in QTS and QuTS hero | 0.9% |
| CVE-2025-48817 | HIGH | Remote Desktop Client Remote Code Execution Vulnerability | 0.9% |
| CVE-2021-25956 | MEDIUM | Improper User Access Control in "Dolibarr" Leads to Account Takeover | 0.9% |
| CVE-2025-25968 | MEDIUM | DDSN Interactive cm3 Acora CMS version 10.1.1 contains an improper access control vulnerability. An editor-privileged user can access sensit | 0.9% |