Vulnerabilities (CVE)

Filtered by CWE-284
Total 4403 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-47976 2026-06-17 N/A 6.7 MEDIUM
Improper access removal handling in firmware of some Solidigm DC Products may allow an attacker with physical access to gain unauthorized access.
CVE-2024-47975 2026-06-17 N/A 7.0 HIGH
Improper access control validation in firmware of some Solidigm DC Products may allow an attacker with physical access to gain unauthorized access or an attacker with local access to potentially enable denial of service.
CVE-2024-47910 2026-06-17 N/A 7.2 HIGH
An issue was discovered in SonarSource SonarQube before 9.9.5 LTA and 10.x before 10.5. A SonarQube user with the Administrator role can modify an existing configuration of a GitHub integration to exfiltrate a pre-signed JWT.
CVE-2024-47760 1 Glpi-project 1 Glpi 2026-06-17 N/A 8.8 HIGH
GLPI is a free asset and IT management software package. Starting in version 9.1.0 and prior to version 10.0.17, a technician with access to the API can take control of an account with higher privileges. Version 10.0.17 contains a patch for this issue.
CVE-2024-47758 1 Glpi-project 1 Glpi 2026-06-17 N/A 8.8 HIGH
GLPI is a free asset and IT management software package. Starting in version 9.3.0 and prior to version 10.0.17, an authenticated user can use the API to take control of any user that has the same or a lower level of privileges. Version 10.0.17 contains a patch for this issue.
CVE-2024-47481 1 Dell 1 Data Lakehouse 2026-06-17 N/A 6.5 MEDIUM
Dell Data Lakehouse, version(s) 1.0.0.0, 1.1.0., contain(s) an Improper Access Control vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Denial of service.
CVE-2024-47145 1 Mattermost 1 Mattermost Server 2026-06-17 N/A 3.1 LOW
Mattermost versions 9.5.x <= 9.5.8 fail to properly authorize access to archived channels when viewing archived channels is disabled, which allows an attacker to view posts and files of archived channels via file links.
CVE-2024-46990 1 Monospace 1 Directus 2026-06-17 N/A 5.0 MEDIUM
Directus is a real-time API and App dashboard for managing SQL database content. When relying on blocking access to localhost using the default `0.0.0.0` filter, a user may bypass this block by using other registered loopback devices (like `127.0.0.2` - `127.127.127.127`). This issue has been addressed in release versions 10.13.3 and 11.1.0. Users are advised to upgrade. Users unable to upgrade may block this bypass by manually adding the `127.0.0.0/8` CIDR range, which will block access to any `127.X.X.X` IP instead of just `127.0.0.1`.
CVE-2024-46948 1 Northern.tech 1 Mender 2026-06-17 N/A 4.3 MEDIUM
Northern.tech Mender before 3.6.5 and 3.7.x before 3.7.5 has Incorrect Access Control.
CVE-2024-46916 1 Dieboldnixdorf 1 Vynamic Security Suite 2026-06-17 N/A 8.1 HIGH
Diebold Nixdorf Vynamic Security Suite through 4.3.0 SR06 contains functionality that allows the removal of critical system files before the filesystem is properly mounted (e.g., leveraging a delete call in /etc/rc.d/init.d/mountfs to remove the /etc/fstab file). This can allow code execution and, in some versions, enable recovery of TPM Disk Encryption keys and decryption of the Windows system partition.
CVE-2024-46627 2026-06-17 N/A 9.1 CRITICAL
Incorrect access control in BECN DATAGERRY v2.2 allows attackers to execute arbitrary commands via crafted web requests.
CVE-2024-46610 1 Thecosy 1 Icecms 2026-06-17 N/A 7.5 HIGH
An access control issue in IceCMS v3.4.7 and before allows attackers to arbitrarily modify users' information, including username and password, via a crafted POST request sent to the endpoint /User/ChangeUser/s in the ChangeUser function in UserController.java.
CVE-2024-46609 1 Thecosy 1 Icecms 2026-06-17 N/A 7.5 HIGH
An access control issue in the CheckVip function in UserController.java of IceCMS v3.4.7 and before allows unauthenticated attackers to access and return all user information, including passwords.
CVE-2024-46607 1 Thecosy 1 Icecms 2026-06-17 N/A 7.6 HIGH
Incorrect access control in IceCMS v3.4.7 and before allows attackers to authenticate by entering any arbitrary values as the username and password via the loginAdmin method in the UserController.java file.
CVE-2024-46539 2026-06-17 N/A 8.2 HIGH
Insecure permissions in the Bluetooth Low Energy (BLE) component of Fire-Boltt Artillery Smart Watch NJ-R6E-10.3 allow attackers to cause a Denial of Service (DoS).
CVE-2024-46432 1 Tenda 2 W18e, W18e Firmware 2026-06-17 N/A 8.8 HIGH
Tenda W18E V16.01.0.8(1625) is vulnerable to Incorrect Access Control. An attacker can send a specially crafted HTTP POST request to the setQuickCfgWifiAndLogin function, which allows unauthorized changes to WiFi configuration settings and administrative credentials.
CVE-2024-46430 1 Tenda 2 W18e, W18e Firmware 2026-06-17 N/A 6.5 MEDIUM
Tenda W18E V16.01.0.8(1625) is vulnerable to Incorrect Access Control. Unauthorized password change via the web management portal allows an unauthenticated remote attacker to change the administrator password by sending a specially crafted HTTP POST request to the setLoginPassword function, bypassing the authentication mechanism.
CVE-2024-46412 2026-06-17 N/A 6.5 MEDIUM
Incorrect access control in the prehandle function of Rebuild v3.7.7 allows attackers to bypass authentication via a crafted GET request sent to /commons/ip-location.
CVE-2024-46280 2026-06-17 N/A 8.8 HIGH
PIX-LINK LV-WR22 RE3002-P1-01_V117.0 is vulnerable to Improper Access Control. The TELNET service is enabled with weak credentials for a root-level account, without the possibility of changing them.
CVE-2024-46097 1 Testlink 1 Testlink 2026-06-17 N/A 8.1 HIGH
TestLink 1.9.20 is vulnerable to Incorrect Access Control in the TestPlan editing section. When a new TestPlan is created, an ID with an incremental value is automatically generated. Using the edit function, you can change the tplan_id parameter to another ID. The application does not carry out a check on the user's permissions, making it possible to recover the IDs of all the TestPlans (even the administrative ones) and modify them even with minimal privileges.