Weaknesses of type CWE-284
4,356 results

CVE | Severity | Description | EPSS
CVE-2019-3934 | — | Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allows anyone to bypass the presentation code sending a crafted HTTP | 7.7%
CVE-2024-5655 | CRITICAL | Improper Access Control in GitLab | 7.5%
CVE-2022-22282 | — | SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions incorrectly restricts access to a resource using HTTP connection | 7.2%
CVE-2021-36888 | CRITICAL | WordPress Image Hover Effects Ultimate plugin <= 9.6.1 - Unauthenticated Arbitrary Options Update leading to full website compromise | 6.7%
CVE-2017-7918 | — | An Improper Access Control issue was discovered in Cambium Networks ePMP. After a valid user has used SNMP configuration export, an attacker | 6.7%
CVE-2025-25948 | CRITICAL | Incorrect access control in the component /rest/staffResource/create of Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) | 6.6%
CVE-2023-0744 | CRITICAL | Improper Access Control in answerdev/answer | 6.4%
CVE-2025-56241 | HIGH | Aztech DSL5005EN firmware 1.00.AZ_2013-05-10 and possibly other versions allows unauthenticated attackers to change the administrator passwo | 6.3%
CVE-2025-48999 | MEDIUM | Dataease Redshift Data Source JDBC Connection Parameters Not Verified Leads to RCE Vulnerability | 6.3%
CVE-2024-6385 | CRITICAL | Improper Access Control in GitLab | 6.0%
CVE-2019-3933 | — | Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allows anyone to bypass the presentation code simply by requesting /i | 5.9%
CVE-2026-33484 | HIGH | Langflow has Unauthenticated IDOR on Image Downloads | 5.8%
CVE-2019-13656 | CRITICAL | An access vulnerability in CA Common Services DIA of CA Technologies Client Automation 14 and Workload Automation AE 11.3.5, 11.3.6 allows a | 5.8%
CVE-2022-32212 | — | A OS Command Injection vulnerability exists in Node.js versions <14.20.0, <16.20.0, <18.5.0 due to an insufficient IsAllowedHost check that | 5.6%
CVE-2023-21752 | HIGH | Windows Backup Service Elevation of Privilege Vulnerability | 5.3%
CVE-2012-6068 | CRITICAL | 3S CoDeSys Improper Access Control | 5.3%
CVE-2009-2631 | — | Clientless SSL VPN products break web browser domain-based security models | 5.1%
CVE-2024-26234 | MEDIUM | Proxy Driver Spoofing Vulnerability | 4.9%
CVE-2017-7912 | — | Hanwha Techwin SRN-4000, SRN-4000 firmware versions prior to SRN4000_v2.16_170401, A specially crafted http request and response could allow | 4.8%
CVE-2022-25481 | MEDIUM | ThinkPHP Framework v5.0.24 was discovered to be configured without the PATHINFO parameter. This allows attackers to access all system enviro | 4.7%