Weaknesses of type CWE-285
1,285 results

CVE-2019-1907 | HIGH | Cisco Integrated Management Controller Substring Comparison Privilege Escalation Vulnerability | EPSS 1.4%
CVE-2022-2536 | MEDIUM | Transposh WordPress Translation <= 1.0.9.6 - Authorization Bypass | EPSS 1.4%
CVE-2021-34434 | — | In Eclipse Mosquitto versions 2.0 to 2.0.11, when using the dynamic security plugin, if the ability for a client to make subscriptions on a | EPSS 1.4%
CVE-2016-7077 | MEDIUM | foreman before 1.14.0 is vulnerable to an information leak. It was found that Foreman form helper does not authorize options for associated | EPSS 1.4%
CVE-2016-7078 | MEDIUM | foreman before version 1.15.0 is vulnerable to an information leak through organizations and locations feature. When a user is assigned _no_ | EPSS 1.4%
CVE-2017-16773 | MEDIUM | Improper authorization vulnerability in Highlight Preview in Synology Universal Search before 1.0.5-0135 allows remote authenticated users t | EPSS 1.4%
CVE-2021-28626 | LOW | Adobe Experience Manager Improper Authorization at /content/usergenerated | EPSS 1.3%
CVE-2022-30670 | HIGH | Escalate Privileges to Server Admin - Robohelp Server | EPSS 1.3%
CVE-2021-24188 | — | WP Content Copy Protection & No Right Click < 3.1.5 - Arbitrary Plugin Installation/Activation via Low Privilege User | EPSS 1.3%
CVE-2021-24190 | — | WooCommerce Conditional Marketing Mailer < 1.5.2 - Arbitrary Plugin Installation/Activation via Low Privilege User | EPSS 1.3%
CVE-2021-24194 | — | Login Protection - Limit Failed Login Attempts < 2.9 - Arbitrary Plugin Installation/Activation via Low Privilege User | EPSS 1.3%
CVE-2021-24195 | — | Login as User or Customer (User Switching) < 1.9 - Arbitrary Plugin Installation/Activation via Low Privilege User | EPSS 1.3%
CVE-2021-24189 | — | Captchinoo, Google recaptcha for admin login page < 2.4 - Arbitrary Plugin Installation/Activation via Low Privilege User | EPSS 1.3%
CVE-2021-24193 | — | Visitor Traffic Real Time Statistics < 2.12 - Arbitrary Plugin Installation/Activation via Low Privilege User | EPSS 1.3%
CVE-2021-24192 | — | Tree Sitemap < 2.9 - Arbitrary Plugin Installation/Activation via Low Privilege User | EPSS 1.3%
CVE-2021-21362 | HIGH | Bypassing readOnly policy by creating a temporary 'mc share upload' URL | EPSS 1.3%
CVE-2019-10154 | MEDIUM | A flaw was found in Moodle before versions 3.7, 3.6.4. A web service fetching messages was not restricted to the current user's conversation | EPSS 1.3%
CVE-2021-22865 | — | Improper access control in GitHub Enterprise Server leading to unauthorized read access to private repository metadata | EPSS 1.3%
CVE-2021-24191 | — | WP Maintenance Mode & Site Under Construction < 1.8.2 - Arbitrary Plugin Installation/Activation via Low Privilege User | EPSS 1.3%
CVE-2021-41975 | HIGH | Tad TadTools - Improper Authorization | EPSS 1.3%