Weaknesses of type CWE-284

4,394 results
CVE-2024-29836 [CRITICAL] Broken Authentication on USER_CHANGE in Evolution Controller allows unauthenticated account creation and takeover (EPSS 0.6%)
CVE-2023-47579 Relyum RELY-PCIe 22.2.1 devices suffer from a system group misconfiguration, allowing read access to the central password hash file of the o (EPSS 0.6%)
CVE-2024-1230 [MEDIUM] SimpleShop <= 2.10.0 - Cross-Site Request Forgery (EPSS 0.6%)
CVE-2025-24272 [MEDIUM] The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app m (EPSS 0.6%)
CVE-2024-12984 [MEDIUM] Amcrest IP2M-841B Web Interface webCapsConfig information disclosure (EPSS 0.6%)
CVE-2024-25981 [MEDIUM] Msa-24-0004: forum export did not respect activity group settings (EPSS 0.6%)
CVE-2024-25811 [MEDIUM] An access control issue in Dreamer CMS v4.0.1 allows attackers to download backup files and leak sensitive information. (EPSS 0.6%)
CVE-2023-50702 [HIGH] Sikka SSCWindowsService 5 2023-09-14 executes a program as LocalSystem but allows full control by low-privileged users (and low-privileged u (EPSS 0.6%)
CVE-2024-45133 [LOW] Adobe Commerce | Improper Access Control (CWE-284) (EPSS 0.6%)
CVE-2024-38371 [HIGH] Insufficient access control for OAuth2 Device Code flow in authentik (EPSS 0.6%)
CVE-2025-66956 [CRITICAL] Insecure Access Control in Contact Plan, E-Mail, SMS and Fax components in Asseco SEE Live 2.0 allows remote attackers to access and execute (EPSS 0.6%)
CVE-2023-30582 [MEDIUM] A vulnerability has been identified in Node.js version 20, affecting users of the experimental permission model when the --allow-fs-read fla (EPSS 0.6%)
CVE-2025-54391 [CRITICAL] A vulnerability in the EnableTwoFactorAuthRequest SOAP endpoint of Zimbra Collaboration (ZCS) allows an attacker with valid user credentials (EPSS 0.6%)
CVE-2025-24968 [HIGH] Business Logic And Unrestricted Project Deletion Lead To Take Over the System in reNgine (EPSS 0.6%)
CVE-2025-29515 [CRITICAL] Incorrect access control in the DELT_file.xgi endpoint of D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 allows attackers to modi (EPSS 0.6%)
CVE-2020-15079 [MEDIUM] Improper access control in PrestaShop (EPSS 0.6%)
CVE-2025-48986 [HIGH] Authorization bypass in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes an logged in attacker to change other users' email addre (EPSS 0.6%)
CVE-2021-46304 [MEDIUM] A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C (All versions), CP-8000 MASTER MODULE WITH I/O -40/+70°C (Al (EPSS 0.6%)
CVE-2022-2578 [MEDIUM] SourceCodester Garage Management System createUser.php access control (EPSS 0.6%)
CVE-2022-28758 [HIGH] Zoom On-Premise Deployments: Improper Access Control (EPSS 0.6%)