Vulnerabilities (CVE)

Filtered by CWE-284
Total 4416 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-49600 1 Dell 1 Power Manager 2026-06-17 N/A 7.8 HIGH
Dell Power Manager (DPM), versions prior to 3.17, contain an improper access control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution and Elevation of Privileges.
CVE-2024-49107 1 Microsoft 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more 2026-06-17 N/A 7.3 HIGH
WmsRepair Service Elevation of Privilege Vulnerability
CVE-2024-49105 1 Microsoft 17 Remote Desktop Client, Windows 10 1507, Windows 10 1607 and 14 more 2026-06-17 N/A 8.4 HIGH
Remote Desktop Client Remote Code Execution Vulnerability
CVE-2024-49068 1 Microsoft 1 Sharepoint Server 2026-06-17 N/A 8.2 HIGH
Microsoft SharePoint Elevation of Privilege Vulnerability
CVE-2024-49049 1 Microsoft 1 Remote Ssh 2026-06-17 N/A 7.1 HIGH
Visual Studio Code Remote Extension Elevation of Privilege Vulnerability
CVE-2024-49044 1 Microsoft 1 Visual Studio 2022 2026-06-17 N/A 6.7 MEDIUM
Visual Studio Elevation of Privilege Vulnerability
CVE-2024-48955 2026-06-17 N/A 8.1 HIGH
Broken access control in NetAdmin 4.030319: the endpoint that "assembles" the functionality menus returns data describing the available functionalities. The response of this call is not encrypted, and because the system does not validate session authorization, an attacker can copy the content from the browser of a user with greater privileges and gain access to the functionalities of the user from whom the content was copied.
CVE-2024-48932 1 Zimaspace 1 Zimaos 2026-06-17 N/A 5.3 MEDIUM
ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In versions below 1.5.0, the API endpoint `http://<Server-ip>/v1/users/name` allows unauthenticated users to access sensitive information, such as usernames, without any authorization. This vulnerability could be exploited by an attacker to enumerate usernames and leverage them for further attacks, such as brute-force or phishing campaigns. As of time of publication, no known patched versions are available.
CVE-2024-48925 1 Umbraco 1 Umbraco Cms 2026-06-17 N/A N/A
Umbraco, a free and open source .NET content management system, has an improper access control issue starting in version 14.0.0 and prior to version 14.3.0. The issue allows low-privilege users to access the webhook API and retrieve information that should be restricted to users with access to the settings section. Version 14.3.0 contains a patch.
CVE-2024-48912 1 Glpi-project 1 Glpi 2026-06-17 N/A 8.1 HIGH
GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.17, an authenticated user can use an application endpoint to delete any user account. Version 10.0.17 contains a patch for this issue.
CVE-2024-48905 1 Sematell 1 Replyone 2026-06-17 N/A 9.1 CRITICAL
Sematell ReplyOne 7.4.3.0 has Insecure Permissions for the /rest/sessions endpoint.
CVE-2024-48899 1 Moodle 1 Moodle 2026-06-17 N/A 4.3 MEDIUM
A vulnerability was found in Moodle. Additional checks are required to ensure users can only fetch the list of course badges for courses that they are intended to have access to.
CVE-2024-48010 1 Dell 1 Data Domain Operating System 2026-06-17 N/A 6.5 MEDIUM
Dell PowerProtect DD, versions prior to 8.1.0.0, 7.13.1.10, 7.10.1.40, and 7.7.5.50, contains an access control vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to escalation of privilege on the application.
CVE-2024-47976 2026-06-17 N/A 6.7 MEDIUM
Improper access removal handling in firmware of some Solidigm DC Products may allow an attacker with physical access to gain unauthorized access.
CVE-2024-47975 2026-06-17 N/A 7.0 HIGH
Improper access control validation in firmware of some Solidigm DC Products may allow an attacker with physical access to gain unauthorized access or an attacker with local access to potentially enable denial of service.
CVE-2024-47910 2026-06-17 N/A 7.2 HIGH
An issue was discovered in SonarSource SonarQube before 9.9.5 LTA and 10.x before 10.5. A SonarQube user with the Administrator role can modify an existing configuration of a GitHub integration to exfiltrate a pre-signed JWT.
CVE-2024-47760 1 Glpi-project 1 Glpi 2026-06-17 N/A 8.8 HIGH
GLPI is a free asset and IT management software package. Starting in version 9.1.0 and prior to version 10.0.17, a technician with access to the API can take control of an account with higher privileges. Version 10.0.17 contains a patch for this issue.
CVE-2024-47758 1 Glpi-project 1 Glpi 2026-06-17 N/A 8.8 HIGH
GLPI is a free asset and IT management software package. Starting in version 9.3.0 and prior to version 10.0.17, an authenticated user can use the API to take control of any user that has the same or a lower level of privileges. Version 10.0.17 contains a patch for this issue.
CVE-2024-47481 1 Dell 1 Data Lakehouse 2026-06-17 N/A 6.5 MEDIUM
Dell Data Lakehouse, version(s) 1.0.0.0, 1.1.0., contain(s) an Improper Access Control vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Denial of service.
CVE-2024-47145 1 Mattermost 1 Mattermost Server 2026-06-17 N/A 3.1 LOW
Mattermost versions 9.5.x <= 9.5.8 fail to properly authorize access to archived channels when viewing archived channels is disabled, which allows an attacker to view posts and files of archived channels via file links.