Weaknesses of type CWE-284
4,383 resultsCVE-2025-2121MEDIUMThinkware Car Dashcam F800 Pro File Storage access controlEPSS 0.9%CVE-2022-24730HIGHPath traversal and improper access control allows leaking out-of-bound files from Argo CD repo-serverEPSS 0.9%CVE-2024-11961MEDIUMGuangzhou Huayi Intelligent Technology Jeewms WmOmNoticeHController.java preHandle information disclosureEPSS 0.9%CVE-2024-1114MEDIUMopenBI Screen.php dlfile access controlEPSS 0.9%CVE-2021-4352MEDIUMJobSearch WP Job Board <= 1.8.1 - Missing Authorization to Settings ChangeEPSS 0.9%CVE-2016-9599HIGHpuppet-tripleo before versions 5.5.0, 6.2.0 is vulnerable to an access-control flaw in the IPtables rules management, which allowed the creaEPSS 0.9%CVE-2022-38184HIGHThere is an improper access control vulnerability in Portal for ArcGIS versions 10.8.1EPSS 0.9%CVE-2025-24411HIGHAdobe Commerce | Improper Access Control (CWE-284)EPSS 0.9%CVE-2023-24058MEDIUMBooked Scheduler 2.5.5 allows authenticated users to create and schedule events for any other user via a modified userId value to reservatioEPSS 0.9%CVE-2020-1604MEDIUMJunos OS: EX4300/EX4600/QFX3500/QFX5100 Series: Stateless IP firewall filter may fail to evaluate certain packetsEPSS 0.8%CVE-2023-39349HIGHSentry vulnerable to privilege escalation via ApiTokensEndpointEPSS 0.8%CVE-2024-0212HIGHCloudflare WordPress plugin enables information disclosure of Cloudflare API (for low privileged users)EPSS 0.8%CVE-2022-20918HIGHA vulnerability in the Simple Network Management Protocol (SNMP) access controls for Cisco FirePOWER Software for Adaptive Security AppliancEPSS 0.8%CVE-2023-36561HIGHAzure DevOps Server Elevation of Privilege VulnerabilityEPSS 0.8%CVE-2022-45475MEDIUMTiny File Manager version 2.4.8 allows an unauthenticated remote attacker to access the application's internal files. This is possible becauEPSS 0.8%CVE-2017-8448—An error was found in the permission model used by X-Pack Alerting 5.0.0 to 5.6.0 whereby users mapped to certain built-in roles could creatEPSS 0.8%CVE-2021-28505HIGHOn affected Arista EOS platforms, if a VXLAN match rule exists in an IPv4 access-list that is applied to the ingress of an L2 or an L3 port/SVI, the VXLAN rule and subsequent ACL rules in that access list will ignore the specified IP protocol.EPSS 0.8%CVE-2022-23768HIGHNeo Information Sys. NIS-HAP11AC remote access and manipulation vulnerabilityEPSS 0.8%CVE-2019-6538CRITICALMedtronic Conexus Radio Frequency Telemetry Protocol Improper Access ControlEPSS 0.8%CVE-2021-45111HIGHImproper access control in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows remote authenticated users to triggerEPSS 0.8%