Weaknesses of type CWE-284
4,373 resultsCVE-2023-25161LOWNextcloud Server's missing rate limiting on password reset functionality allows sending lots of emailsEPSS 0.7%CVE-2024-56195MEDIUMApache Traffic Server: Intercept plugins are not access controlledEPSS 0.7%CVE-2023-40850—netentsec NS-ASG 6.3 is vulnerable to Incorrect Access Control. There is a file leak in the website source code of the application security EPSS 0.7%CVE-2025-43232CRITICALA permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS VenturEPSS 0.7%CVE-2020-15102MEDIUMImproper access control on dashboard form in PrestaShopEPSS 0.7%CVE-2019-15998MEDIUMCisco IOS XR Software NETCONF Over Secure Shell ACL Bypass VulnerabilityEPSS 0.7%CVE-2024-7921MEDIUMAnhui Deshun Intelligent Technology Jieshun JieLink+ JSOTC2016 GetDataList access controlEPSS 0.7%CVE-2024-21418HIGHSoftware for Open Networking in the Cloud (SONiC) Elevation of Privilege VulnerabilityEPSS 0.7%CVE-2018-17921—SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to an attack that may allow an attacker to force-pair the device without EPSS 0.7%CVE-2024-7920MEDIUMAnhui Deshun Intelligent Technology Jieshun JieLink+ JSOTC2016 GetParkInThroughDeivces access controlEPSS 0.7%CVE-2021-26909LOWAutomox Agent Guessable S3 Bucket EndpointEPSS 0.7%CVE-2021-3864—A flaw was found in the way the dumpable flag setting was handled when certain SUID binaries executed its descendants. The prerequisite is aEPSS 0.7%CVE-2024-13104MEDIUMD-Link DIR-816 A2 WiFi Settings form2AdvanceSetup.cgi access controlEPSS 0.7%CVE-2026-46840CRITICALVulnerability in Oracle REST Data Services (component: Backend-as-a-Service). Supported versions that are affected are 24.2.0-26.1.0. EasilEPSS 0.7%CVE-2023-22805MEDIUMCVE-2023-22805EPSS 0.7%CVE-2025-7076MEDIUMBlackVue Dashcam 590X Configuration upload.cgi access controlEPSS 0.7%CVE-2024-21071CRITICALVulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Admin Screens and Grants UI). Supported versions that aEPSS 0.7%CVE-2023-22903CRITICALapi/views/user.py in LibrePhotos before e19e539 has incorrect access control.EPSS 0.7%CVE-2023-30583HIGHfs.openAsBlob() can bypass the experimental permission model when using the file system read restriction with the `--allow-fs-read` flag in EPSS 0.7%CVE-2024-21436HIGHWindows Installer Elevation of Privilege VulnerabilityEPSS 0.7%