Weaknesses of type CWE-284
4,408 results

CVE-2025-8025 | CRITICAL | Improper Access Control in Dinosoft Business Solutions' Dinosoft ERP | EPSS 0.5%
CVE-2026-20825 | MEDIUM | Windows Hyper-V Information Disclosure Vulnerability | EPSS 0.5%
CVE-2024-50653 | HIGH | CRMEB <=5.4.0 is vulnerable to Incorrect Access Control. Users can bypass the front-end restriction of only being able to claim coupons once | EPSS 0.5%
CVE-2022-1656 | MEDIUM | JupiterX Theme <= 2.0.6 and JupiterX Core <= 2.0.6 - Authenticated Arbitrary Plugin Deactivation and Settings Modification | EPSS 0.5%
CVE-2024-38162 | HIGH | Azure Connected Machine Agent Elevation of Privilege Vulnerability | EPSS 0.5%
CVE-2022-46754 | HIGH | Wyse Management Suite 3.8 and below contain an improper access control vulnerability. A authenticated malicious admin user might access cer | EPSS 0.5%
CVE-2025-21405 | HIGH | Visual Studio Elevation of Privilege Vulnerability | EPSS 0.5%
CVE-2026-33622 | MEDIUM | A PinchTab Security Policy Bypass in /wait Allows Arbitrary JavaScript Execution | EPSS 0.5%
CVE-2024-11054 | MEDIUM | SourceCodester Simple Music Cloud Community System ajax.php unrestricted upload | EPSS 0.5%
CVE-2024-20373 | MEDIUM | Cisco IOS and Cisco IOS XE SNMP Extended ACL Bypass Vulnerability | EPSS 0.5%
CVE-2026-23877 | MEDIUM | Directory Traversal & Filesystem can be accessed by a non-admin user | EPSS 0.5%
CVE-2023-1486 | MEDIUM | Lespeed WiseCleaner Wise Force Deleter IoControlCode WiseUnlock64.sys 0x220004 access control | EPSS 0.5%
CVE-2025-39247 | HIGH | There is an Access Control Vulnerability in some HikCentral Professional versions. This could allow an unauthenticated user to obtain the ad | EPSS 0.5%
CVE-2024-33666 | HIGH | An issue was discovered in Zammad before 6.3.0. Users with customer access to a ticket could have accessed time accounting details of this t | EPSS 0.5%
CVE-2024-37677 | HIGH | An issue in Shenzhen Weitillage Industrial Co., Ltd the access management specialist V6.62.51215 allows a remote attacker to obtain sensitiv | EPSS 0.5%
CVE-2022-28760 | MEDIUM | Zoom On-Premise Deployments: Improper Access Control | EPSS 0.5%
CVE-2024-29837 | HIGH | Poor session management in Evolution Controller allows administrator functionality for unauthenticated connections | EPSS 0.5%
CVE-2024-11483 | MEDIUM | Automation-gateway: aap-gateway: improper scope handling in oauth2 tokens for aap 2.5 | EPSS 0.5%
CVE-2026-22909 | HIGH | Certain system functions may be accessed without proper authorization, allowing attackers to start, stop, or delete installed applications, | EPSS 0.5%
CVE-2025-4119 | MEDIUM | Weitong Mall Product Statistics queryTotal access control | EPSS 0.5%