Weaknesses of type CWE-284

4,383 results
CVE-2024-54533HIGHA permissions issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.2, macOS Sonoma 14.7.5, macOEPSS 0.6%CVE-2024-45170HIGHAn issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper or missing access control, low privileged users can EPSS 0.6%CVE-2025-23367MEDIUMOrg.wildfly.core:wildfly-server: wildfly improper rbac permissionEPSS 0.6%CVE-2025-28229CRITICALIncorrect access control in Orban OPTIMOD 5950 Firmware v1.0.0.2 and System v2.2.15 allows attackers to bypass authentication and gain AdminEPSS 0.6%CVE-2025-50900CRITICALAn issue was discovered in getrebuild/rebuild 4.0.4. The affected source code class is com.rebuild.web.RebuildWebInterceptor, and the affectEPSS 0.6%CVE-2024-21767CRITICALCommend WS203VICM Improper Access ControlEPSS 0.6%CVE-2025-0702MEDIUMJoeyBling bootplus SysFileController.java unrestricted uploadEPSS 0.6%CVE-2024-0356MEDIUMMandelo ssm_shiro_blog Backend updateRoles access controlEPSS 0.6%CVE-2024-10994MEDIUMCodezips Online Institute Management System edit_user.php unrestricted uploadEPSS 0.6%CVE-2024-28120MEDIUMAPI key leak in codeium-chromeEPSS 0.6%CVE-2016-10549Sails is an MVC style framework for building realtime web applications. Version 0.12.7 and lower have an issue with the CORS configuration wEPSS 0.6%CVE-2021-24500Workreap theme < 2.2.2 - Multiple CSRF + IDOR VulnerabilitiesEPSS 0.6%CVE-2023-43696HIGH Improper Access Control in SICK APU allows an unprivileged remote attacker to download as well as upload arbitrary files via anonymous acceEPSS 0.6%CVE-2021-34753MEDIUMCisco Firepower Threat Defense Ethernet Industrial Protocol Policy Bypass VulnerabilitiesEPSS 0.6%CVE-2019-5014MEDIUMAn exploitable improper access control vulnerability exists in the bluetooth low energy functionality of Winco Fireworks FireFly FW-1007 V2.EPSS 0.6%CVE-2023-7223MEDIUMTotolink T6 cstecgi.cgi access controlEPSS 0.6%CVE-2021-35249MEDIUMDomain Admin Broken Access ControlEPSS 0.6%CVE-2015-10057MEDIUMLittle Apps Little Software Stats Password Reset class.securelogin.php access controlEPSS 0.6%CVE-2023-47031CRITICALAn issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to escalate privileges via a crafted POST request to the grantRolesToUsersEPSS 0.6%CVE-2022-44037HIGHAn access control issue in APsystems ENERGY COMMUNICATION UNIT (ECU-C) Power Control Software V4.1NA, V3.11.4, W2.1NA, V4.1SAA, C1.2.2 allowEPSS 0.6%