Vulnerabilities (CVE)

Filtered by CWE-284
Total 4404 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-44210 1 Apple 1 Macos 2026-06-17 N/A 3.3 LOW
This issue was addressed with improved permissions checking. This issue is fixed in macOS Sequoia 15.1. An app may be able to access user-sensitive data.
CVE-2024-43813 1 Mattermost 1 Mattermost 2026-06-17 N/A 4.3 MEDIUM
Mattermost versions 9.5.x <= 9.5.7, 9.10.x <= 9.10.0 fail to enforce proper access controls which allows any authenticated user, including guests, to mark any channel inside any team as read for any user.
CVE-2024-43780 1 Mattermost 1 Mattermost Server 2026-06-17 N/A 4.3 MEDIUM
Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.0, 9.8.x <= 9.8.2 fail to enforce permissions which allows a guest user with read access to upload files to a channel.
CVE-2024-43717 1 Adobe 1 Experience Manager 2026-06-17 N/A 4.3 MEDIUM
Adobe Experience Manager versions 6.5.21 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on confidentiality. Exploitation of this issue does not require user interaction.
CVE-2024-43716 1 Adobe 1 Experience Manager 2026-06-17 N/A 4.3 MEDIUM
Adobe Experience Manager versions 6.5.21 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on confidentiality. Exploitation of this issue does not require user interaction.
CVE-2024-43600 1 Microsoft 1 Office 2026-06-17 N/A 7.8 HIGH
Microsoft Office Elevation of Privilege Vulnerability
CVE-2024-43594 1 Microsoft 3 System Center 2019, System Center 2022, System Center 2025 2026-06-17 N/A 7.3 HIGH
Microsoft System Center Elevation of Privilege Vulnerability
CVE-2024-43590 1 Microsoft 3 Visual Studio 2017, Visual Studio 2019, Visual Studio 2022 2026-06-17 N/A 7.8 HIGH
Visual C++ Redistributable Installer Elevation of Privilege Vulnerability
CVE-2024-43530 1 Microsoft 5 Windows 10 21h2, Windows 10 22h2, Windows 11 22h2 and 2 more 2026-06-17 N/A 7.8 HIGH
Windows Update Stack Elevation of Privilege Vulnerability
CVE-2024-43503 1 Microsoft 1 Sharepoint Server 2026-06-17 N/A 7.8 HIGH
Microsoft SharePoint Elevation of Privilege Vulnerability
CVE-2024-43492 1 Microsoft 1 Autoupdate 2026-06-17 N/A 7.8 HIGH
Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability
CVE-2024-43479 1 Microsoft 1 Power Automate 2026-06-17 N/A 8.5 HIGH
Microsoft Power Automate Desktop Remote Code Execution Vulnerability
CVE-2024-43477 1 Microsoft 1 Entra Id 2026-06-17 N/A 7.5 HIGH
Improper access control in Decentralized Identity Services resulted in a vulnerability that allows an unauthenticated attacker to disable Verifiable IDs on another tenant.
CVE-2024-43456 1 Microsoft 6 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 3 more 2026-06-17 N/A 4.8 MEDIUM
Windows Remote Desktop Services Tampering Vulnerability
CVE-2024-43409 1 Ghost 1 Ghost 2026-06-17 N/A 6.5 MEDIUM
Ghost is a Node.js content management system. Improper authentication on some endpoints used for member actions would allow an attacker to perform member-only actions, and read member information. This security vulnerability is present in Ghost v4.46.0-v5.89.4. v5.89.5 contains a fix for this issue.
CVE-2024-43397 1 Apolloconfig 1 Apollo 2026-06-17 N/A 4.3 MEDIUM
Apollo is a configuration management system. A vulnerability exists in the synchronization configuration feature that allows users to craft specific requests to bypass permission checks. This exploit enables them to modify a namespace without the necessary permissions. The issue was addressed with an input parameter check which was released in version 2.3.0.
CVE-2024-43377 1 Umbraco 1 Umbraco Cms 2026-06-17 N/A 5.4 MEDIUM
Umbraco CMS is an ASP.NET CMS. An authenticated user can access a few unintended endpoints. This issue is fixed in 14.1.2.
CVE-2024-43101 2026-06-17 N/A 5.3 MEDIUM
Improper access control for some Intel(R) Data Center GPU Flex Series for Windows driver software before version 31.0.101.4255 may allow an authenticated user to potentially enable denial of service via local access.
CVE-2024-43031 1 Autman 1 Autman 2026-06-17 N/A 4.3 MEDIUM
autMan v2.9.6 was discovered to contain an access control issue.
CVE-2024-42988 2026-06-17 N/A 4.3 MEDIUM
Lack of access control in ChallengeSolves (/api/v1/challenges/<challenge id>/solves) of CTFd v2.0.0 - v3.7.2 allows authenticated users to retrieve a list of users who have solved the challenge, regardless of the Account Visibility settings. The issue is fixed in v3.7.3+.