Vulnerabilities (CVE)

Filtered by CWE-284
Total 4418 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-43594 1 Microsoft 3 System Center 2019, System Center 2022, System Center 2025 2026-06-17 N/A 7.3 HIGH
Microsoft System Center Elevation of Privilege Vulnerability
CVE-2024-43590 1 Microsoft 3 Visual Studio 2017, Visual Studio 2019, Visual Studio 2022 2026-06-17 N/A 7.8 HIGH
Visual C++ Redistributable Installer Elevation of Privilege Vulnerability
CVE-2024-43530 1 Microsoft 5 Windows 10 21h2, Windows 10 22h2, Windows 11 22h2 and 2 more 2026-06-17 N/A 7.8 HIGH
Windows Update Stack Elevation of Privilege Vulnerability
CVE-2024-43503 1 Microsoft 1 Sharepoint Server 2026-06-17 N/A 7.8 HIGH
Microsoft SharePoint Elevation of Privilege Vulnerability
CVE-2024-43492 1 Microsoft 1 Autoupdate 2026-06-17 N/A 7.8 HIGH
Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability
CVE-2024-43479 1 Microsoft 1 Power Automate 2026-06-17 N/A 8.5 HIGH
Microsoft Power Automate Desktop Remote Code Execution Vulnerability
CVE-2024-43477 1 Microsoft 1 Entra Id 2026-06-17 N/A 7.5 HIGH
Improper access control in Decentralized Identity Services resulted in a vulnerability that allows an unauthenticated attacker to disable Verifiable ID's on another tenant.
CVE-2024-43456 1 Microsoft 6 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 3 more 2026-06-17 N/A 4.8 MEDIUM
Windows Remote Desktop Services Tampering Vulnerability
CVE-2024-43409 1 Ghost 1 Ghost 2026-06-17 N/A 6.5 MEDIUM
Ghost is a Node.js content management system. Improper authentication on some endpoints used for member actions would allow an attacker to perform member-only actions, and read member information. This security vulnerability is present in Ghost v4.46.0-v5.89.4. v5.89.5 contains a fix for this issue.
CVE-2024-43397 1 Apolloconfig 1 Apollo 2026-06-17 N/A 4.3 MEDIUM
Apollo is a configuration management system. A vulnerability exists in the synchronization configuration feature that allows users to craft specific requests to bypass permission checks. This exploit enables them to modify a namespace without the necessary permissions. The issue was addressed with an input parameter check which was released in version 2.3.0.
CVE-2024-43377 1 Umbraco 1 Umbraco Cms 2026-06-17 N/A 5.4 MEDIUM
Umbraco CMS is an ASP.NET CMS. An authenticated user can access a few unintended endpoints. This issue is fixed in 14.1.2.
CVE-2024-43101 2026-06-17 N/A 5.3 MEDIUM
Improper access control for some Intel(R) Data Center GPU Flex Series for Windows driver software before version 31.0.101.4255 may allow an authenticated user to potentially enable denial of service via local access.
CVE-2024-43031 1 Autman 1 Autman 2026-06-17 N/A 4.3 MEDIUM
autMan v2.9.6 was discovered to contain an access control issue.
CVE-2024-42988 2026-06-17 N/A 4.3 MEDIUM
Lack of access control in ChallengeSolves (/api/v1/challenges/<challenge id>/solves) of CTFd v2.0.0 - v3.7.2 allows authenticated users to retrieve a list of users who have solved the challenge, regardless of the Account Visibility settings. The issue is fixed in v3.7.3+.
CVE-2024-42967 1 Totolink 2 Lr350, Lr350 Firmware 2026-06-17 N/A 9.8 CRITICAL
Incorrect access control in TOTOLINK LR350 V9.3.5u.6369_B20220309 allows attackers to obtain the apmib configuration file, which contains the username and the password, via a crafted request to /cgi-bin/ExportSettings.sh.
CVE-2024-42919 1 Escanav 1 Escan Management Console 2026-06-17 N/A 9.8 CRITICAL
eScan Management Console 14.0.1400.2281 is vulnerable to Incorrect Access Control via acteScanAVReport.
CVE-2024-42797 1 Lopalopa 1 Music Management System 2026-06-17 N/A 9.8 CRITICAL
An Incorrect Access Control vulnerability was found in /music/ajax.php?action=delete_playlist in Kashipara Music Management System v1.0. This vulnerability allows an unauthenticated attacker to delete the valid music playlist entries.
CVE-2024-42796 1 Lopalopa 1 Music Management System 2026-06-17 N/A 5.9 MEDIUM
An Incorrect Access Control vulnerability was found in /music/ajax.php?action=delete_genre in Kashipara Music Management System v1.0. This vulnerability allows an unauthenticated attacker to delete the valid music genre entries.
CVE-2024-42795 1 Lopalopa 1 Music Management System 2026-06-17 N/A 4.2 MEDIUM
An Incorrect Access Control vulnerability was found in /music/view_user.php?id=3 and /music/controller.php?page=edit_user&id=3 in Kashipara Music Management System v1.0. This vulnerability allows an unauthenticated attacker to view valid user details.
CVE-2024-42794 1 Lopalopa 1 Music Management System 2026-06-17 N/A 4.7 MEDIUM
Kashipara Music Management System v1.0 is vulnerable to Incorrect Access Control via /music/ajax.php?action=save_user.