Weaknesses of type CWE-284

4,356 results
CVE-2023-4169 [MEDIUM] | Ruijie RG-EW1200G Administrator Password set_passwd access control | EPSS 47.1%
CVE-2026-21962 [CRITICAL] | Vulnerability in the Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in product of Oracle Fusion Middleware (component: Weblogic Serve | EPSS 42.7%
CVE-2024-21644 [HIGH] | pyLoad unauthenticated flask configuration leakage | EPSS 42.2%
CVE-2012-6435 [HIGH] | Rockwell Automation ControlLogix PLC Improper Access Control | EPSS 41.9%
CVE-2022-23513 [MEDIUM] | Pi-Hole/AdminLTE vulnerable due to improper access control in queryads endpoint | EPSS 40.2%
CVE-2025-31486 [MEDIUM] | Vite allows server.fs.deny to be bypassed with .svg or relative paths | EPSS 35.2%
CVE-2024-24824 [HIGH] | graylog2-server vulnerable to instantiation of arbitrary classes triggered by API request | EPSS 34.5%
CVE-2012-6442 [HIGH] | Rockwell Automation ControlLogix PLC Improper Access Control | EPSS 32.8%
CVE-2024-10124 [CRITICAL] | Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce <= 1.1.1 - Missing Authorization to Unauthenticated Arbitrary Plugin Installation/Activation | EPSS 31.2%
CVE-2021-24146 | Modern Events Calendar Lite < 5.16.5 - Unauthenticated Events Export | EPSS 31.0%
CVE-2012-6439 | Rockwell Automation ControlLogix PLC Improper Access Control | EPSS 28.3%
CVE-2025-63387 [HIGH] | Dify v1.9.1 is vulnerable to Insecure Permissions. An unauthenticated attacker can directly send HTTP GET requests to the /console/api/syste | EPSS 28.0%
CVE-2023-22960 [HIGH] | Lexmark products through 2023-01-10 have Improper Control of Interaction Frequency. | EPSS 27.8%
CVE-2024-13106 [MEDIUM] | D-Link DIR-816 A2 IP QoS form2IPQoSTcAdd access control | EPSS 27.2%
CVE-2021-4119 [MEDIUM] | Improper Access Control in bookstackapp/bookstack | EPSS 26.9%
CVE-2024-27497 [HIGH] | Linksys E2000 Ver.1.0.06 build 1 is vulnerable to authentication bypass via the position.js file. | EPSS 26.5%
CVE-2020-8196 [MEDIUM] | Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and C | EPSS 26.3%, KEV
CVE-2024-55963 [MEDIUM] | An issue was discovered in Appsmith before 1.51. A user on Appsmith that doesn't have admin permissions can trigger the restart API on Appsm | EPSS 25.0%
CVE-2024-25830 [CRITICAL] | F-logic DataCube3 v1.0 is vulnerable to Incorrect Access Control due to an improper directory access restriction. An unauthenticated, remote | EPSS 24.0%
CVE-2024-34112 [HIGH] | ColdFusion CFDOCUMENT file retrieval / access control bypass | EPSS 23.7%