Weaknesses of type CWE-284

4,428 results
CVE-2023-43901Incorrect access control in the AdHoc User creation form of EMSigner v2.8.7 allows unauthenticated attackers to arbitrarily modify usernamesEPSS 0.5%CVE-2023-34404MEDIUMMercedes-Benz head-unit NTG6 has Ethernet pins on Base Board to connect module CSB. Attacker can connect to these pins and get access to intEPSS 0.5%CVE-2024-46990MEDIUMSSRF Loopback IP filter bypass in directusEPSS 0.5%CVE-2024-12896MEDIUMIntelbras VIP S4320 G2 Web Interface webCapsConfig information disclosureEPSS 0.5%CVE-2025-4066MEDIUMScriptAndTools Online-Travling-System addpackage.php access controlEPSS 0.5%CVE-2026-24036MEDIUMHorilla Exposes Unpublished Job Disclosures through Unauthenticated APIEPSS 0.5%CVE-2026-20839MEDIUMWindows Client-Side Caching (CSC) Service Information Disclosure VulnerabilityEPSS 0.5%CVE-2026-46946CRITICALVulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affecEPSS 0.5%CVE-2024-27790HIGHClaris International has resolved an issue of potentially allowing unauthorized access to records stored in databases hosted on FileMaker SeEPSS 0.5%CVE-2026-46945CRITICALVulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affecEPSS 0.5%CVE-2024-35433HIGHZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Incorrect Access Control. An authenticated user, without the permissions of managing users, cEPSS 0.5%CVE-2024-1475MEDIUMComing Soon Maintenance Mode <= 1.0.5 - Information ExposureEPSS 0.5%CVE-2024-0978MEDIUMMy Private Site <= 3.0.14 - Improper Access Control to Sensitive Information Exposure via REST APIEPSS 0.5%CVE-2024-57249MEDIUMIncorrect Access Control in the Preview Function of Gleamtech FileVista 9.2.0.0 allows remote attackers to gain unauthorized access via explEPSS 0.5%CVE-2016-4426In zulip before 1.3.12, bot API keys were accessible to other users in the same realm.EPSS 0.5%CVE-2024-1472MEDIUMWP Maintenance <= 6.1.6 - Information ExposureEPSS 0.5%CVE-2022-28612MEDIUMWordPress Custom Popup Builder plugin <= 1.3.1 - Improper Access Control vulnerability leading to multiple Authenticated Stored XSSEPSS 0.5%CVE-2024-22459MEDIUMDell ECS, versions 3.6 through 3.6.2.5, and 3.7 through 3.7.0.6, and 3.8 through 3.8.0.4 versions, contain an improper access control vulnerEPSS 0.5%CVE-2023-20191MEDIUMA vulnerability in the access control list (ACL) processing on MPLS interfaces in the ingress direction of Cisco IOS XR Software could allowEPSS 0.5%CVE-2023-25525HIGHNVIDIA Cumulus Linux contains a vulnerability in forwarding where a VxLAN-encapsulated IPv6 packet received on an SVI interface with DMAC/DIEPSS 0.5%