Weaknesses of type CWE-284

4,396 results
CVE-2022-43977 | CRITICAL | EPSS 0.6%
An issue was discovered on GE Grid Solutions MS3000 devices before 3.7.6.25p0_3.2.2.17p0_4.7p0. The debug port accessible via TCP (a qconn s

CVE-2022-23981 | MEDIUM | EPSS 0.6%
WordPress Perfect Brands for WooCommerce plugin <= 2.0.4 - Set Featured Brand vulnerability

CVE-2025-7565 | MEDIUM | EPSS 0.6%
LB-LINK BL-AC3600 Web Management Interface lighttpd.cgi geteasycfg information disclosure

CVE-2020-27873 | MEDIUM | EPSS 0.6%
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR R7450 1.2.0.62_1

CVE-2023-28844 | MEDIUM | EPSS 0.6%
User without download rights can download older version of that file in nextcloud server

CVE-2022-1261 | MEDIUM | EPSS 0.6%
Matrikon OPC Server Improper Access Control

CVE-2016-4427 | EPSS 0.6%
In zulip before 1.3.12, deactivated users could access messages if SSO was enabled.

CVE-2025-45343 | CRITICAL | EPSS 0.6%
An issue in Tenda W18E v.2.0 v.16.01.0.11 allows an attacker to execute arbitrary code via the editing functionality of the account module i

CVE-2024-25677 | HIGH | EPSS 0.6%
In Min before 1.31.0, local files are not correctly treated as unique security origins, which allows them to improperly request cross-origin

CVE-2024-21364 | CRITICAL | EPSS 0.6%
Microsoft Azure Site Recovery Elevation of Privilege Vulnerability

CVE-2021-4338 | MEDIUM | EPSS 0.6%
404 to 301 <= 3.0.7 - Missing Authorization to Redirect Creation

CVE-2024-31964 | HIGH | EPSS 0.6%
A vulnerability on Mitel 6800 Series and 6900 Series SIP Phones through 6.3 SP3 HF4, 6900w Series SIP Phone through 6.3.3, and 6970 Conferen

CVE-2024-6737 | HIGH | EPSS 0.6%
2100 TECHNOLOGY Electronic Official Document Management System - Broken Access Control

CVE-2022-43110 | CRITICAL | EPSS 0.6%
Voltronic Power ViewPower through 1.04-21353 and PowerShield Netguard before 1.04-23292 allows a remote attacker to configure the system via

CVE-2019-1690 | MEDIUM | EPSS 0.6%
Cisco Application Policy Infrastructure Controller IPv6 Link-Local Address Vulnerability

CVE-2022-39310 | MEDIUM | EPSS 0.6%
Malicious agent may be able to impersonate another agent in GoCD

CVE-2021-24635 | EPSS 0.6%
Visual Link Preview < 2.2.3 - Unauthorised AJAX Calls

CVE-2024-28338 | HIGH | EPSS 0.6%
A login bypass in TOTOLINK A8000RU V7.1cu.643_B20200521 allows attackers to login to Administrator accounts via providing a crafted session

CVE-2022-38546 | MEDIUM | EPSS 0.6%
A DNS misconfiguration was found in Zyxel NBG7510 firmware versions prior to V1.00(ABZY.3)C0, which could allow an unauthenticated attacker

CVE-2025-2219 | MEDIUM | EPSS 0.6%
LoveCards LoveCardsV2 image unrestricted upload