Weaknesses of type CWE-284

4,430 results
CVE-2023-6202 [MEDIUM] Insecure Direct Object Reference in /plugins/focalboard/ api/v2/users of Mattermost Boards [EPSS 0.4%]
CVE-2023-49961 [HIGH] WALLIX Bastion 7.x, 8.x, 9.x and 10.x and WALLIX Access Manager 3.x and 4.x have Incorrect Access Control which can lead to sensitive data e [EPSS 0.4%]
CVE-2021-44776 [MEDIUM] spx_restservice SubNet_handler_func Broken Access Control [EPSS 0.4%]
CVE-2025-9941 [MEDIUM] CodeAstro Real Estate Management System register.php unrestricted upload [EPSS 0.4%]
CVE-2024-0972 [MEDIUM] BuddyPress Members Only <= 3.4.8 - Improper Access Control to Sensitive Information Exposure via REST API [EPSS 0.4%]
CVE-2024-42048 [MEDIUM] OpenOrange Business Framework version 1.15.5 installs to a directory with overly permissive access control, allowing all authenticated users [EPSS 0.4%]
CVE-2025-49591 [HIGH] CryptPad 2FA Bypass Vulnerability [EPSS 0.4%]
CVE-2025-3558 [MEDIUM] ghostxbh uzy-ssm-mall uploadUserHeadImage unrestricted upload [EPSS 0.4%]
CVE-2025-27207 [MEDIUM] Adobe Commerce | Improper Access Control (CWE-284) [EPSS 0.4%]
CVE-2025-45611 [CRITICAL] Incorrect access control in the /user/edit/ component of hope-boot v1.0.0 allows attackers to bypass authentication via a crafted GET reques [EPSS 0.4%]
CVE-2024-46610 [HIGH] An access control issue in IceCMS v3.4.7 and before allows attackers to arbitrarily modify users' information, including username and passwo [EPSS 0.4%]
CVE-2019-16640 [HIGH] An issue was found in upload.php on the Ruijie EG-2000 series gateway. A parameter passed to the class UploadFile is mishandled (%00 and /va [EPSS 0.4%]
CVE-2024-37155 [MEDIUM] OpenCTI May Bypass Introspection Restriction [EPSS 0.4%]
CVE-2023-46663 [HIGH] Improper Access Control in Sielco PolyEco1000 [EPSS 0.4%]
CVE-2024-39414 [MEDIUM] Being able to import/export tax rates without proper privileges [EPSS 0.4%]
CVE-2026-46855 [CRITICAL] Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Metadata Plugin). Supported v [EPSS 0.4%]
CVE-2022-44622 [LOW] In JetBrains TeamCity version between 2021.2 and 2022.10 access permissions for secure token health items were excessive [EPSS 0.4%]
CVE-2025-10847 [HIGH] DX UIM Probe Improper ACL Handling RCE [EPSS 0.4%]
CVE-2021-1284 [HIGH] Cisco SD-WAN vManage Software Authentication Bypass Vulnerability [EPSS 0.4%]
CVE-2026-2734 [MEDIUM] Authorization Bypass in SearchModelVersions in mlflow/mlflow [EPSS 0.4%]