Weaknesses of type CWE-284
4,427 results

CVE-2024-13210 | MEDIUM | donglight bookstore电商书城系统说明 AdminBookController.java uploadPicture unrestricted upload | EPSS 0.5%
CVE-2019-10166 | HIGH | It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, would permit readonly clients to use the virDomainMana | EPSS 0.5%
CVE-2026-28876 | HIGH | A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in iOS 18.7.7 and iPadOS | EPSS 0.5%
CVE-2024-47910 | HIGH | An issue was discovered in SonarSource SonarQube before 9.9.5 LTA and 10.x before 10.5. A SonarQube user with the Administrator role can mod | EPSS 0.5%
CVE-2024-39376 | CRITICAL | Improper Access Control In TELSAT MarKoni FM Transmitter | EPSS 0.5%
CVE-2023-40730 | HIGH | A vulnerability has been identified in QMS Automotive (All versions < V12.39). The QMS.Mobile module of the affected application lacks suffi | EPSS 0.5%
CVE-2024-5814 | MEDIUM | Unverified Ciphersuite used on a client-side TLS1.3 Downgrade | EPSS 0.5%
CVE-2023-7055 | MEDIUM | PHPGurukul Online Notes Sharing System Contact Information profile.php access control | EPSS 0.5%
CVE-2024-21653 | MEDIUM | vantage6 insecure SSH configuration for node and server containers | EPSS 0.5%
CVE-2025-24429 | LOW | Adobe Commerce | Improper Access Control (CWE-284) | EPSS 0.5%
CVE-2025-6443 | HIGH | Mikrotik RouterOS VXLAN Source IP Improper Access Control Vulnerability | EPSS 0.5%
CVE-2021-44465 | MEDIUM | Improper access control in Odoo Community 13.0 and earlier and Odoo Enterprise 13.0 and earlier allows authenticated attackers to subscribe | EPSS 0.5%
CVE-2025-24193 | LOW | This issue was addressed with improved authentication. This issue is fixed in iOS 18.4 and iPadOS 18.4. An attacker with a USB-C connection | EPSS 0.5%
CVE-2024-10353 | MEDIUM | SourceCodester Online Exam System admin-dashboard access control | EPSS 0.5%
CVE-2020-22655 | HIGH | In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus | EPSS 0.5%
CVE-2025-4433 | HIGH | Improper access control in user group management in Devolutions Server 2025.1.7.0 and earlier allows a non-administrative user with both "Us | EPSS 0.5%
CVE-2022-4810 | MEDIUM | Improper Access Control in usememos/memos | EPSS 0.5%
CVE-2025-3565 | MEDIUM | huanfenz/code-projects StudentManager Announcement Management Section uploadArticle.do unrestricted upload | EPSS 0.5%
CVE-2023-43901 | — | Incorrect access control in the AdHoc User creation form of EMSigner v2.8.7 allows unauthenticated attackers to arbitrarily modify usernames | EPSS 0.5%
CVE-2025-3324 | MEDIUM | godcheese/code-projects Nimrod FileRestController.java unrestricted upload | EPSS 0.5%