Vulnerabilities (CVE)

Filtered by CWE-284
Total 4437 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-33666 1 Zammad 1 Zammad 2026-06-17 N/A 8.6 HIGH
An issue was discovered in Zammad before 6.3.0. Users with customer access to a ticket could have accessed time accounting details of this ticket via the API. This data should be available only to agents.
CVE-2024-33647 2026-06-17 N/A 6.5 MEDIUM
A vulnerability has been identified in Polarion ALM (All versions < V2404.0). The Apache Lucene based query engine in the affected application lacks proper access controls. This could allow an authenticated user to query items beyond the user's allowed projects.
CVE-2024-33396 2026-06-17 N/A 8.4 HIGH
An issue in karmada-io karmada v1.9.0 and before allows a local attacker to execute arbitrary code via a crafted command to get the token component.
CVE-2024-33393 2026-06-17 N/A 6.2 MEDIUM
An issue in spidernet-io spiderpool v.0.9.3 and before allows a local attacker to execute arbitrary code via a crafted command to get the token component.
CVE-2024-33260 1 Jerryscript 1 Jerryscript 2026-06-17 N/A 5.1 MEDIUM
Jerryscript commit cefd391 was discovered to contain a segmentation violation via the component parser_parse_class at jerry-core/parser/js/js-parser-expr.c
CVE-2024-33227 2026-06-17 N/A 8.8 HIGH
An issue in the component ddcdrv.sys of Nicomsoft WinI2C/DDC v3.7.4.0 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests.
CVE-2024-33027 1 Qualcomm 180 205 Mobile Platform, 205 Mobile Platform Firmware, 215 Mobile Platform and 177 more 2026-06-17 N/A 8.4 HIGH
Memory corruption can occur when arbitrary user-space app gains kernel level privilege to modify DDR memory by corrupting the GPU page table.
CVE-2024-32973 2026-06-17 N/A 4.8 MEDIUM
Pluto is a superset of Lua 5.4 with a focus on general-purpose programming. In affected versions an attacker with the ability to actively intercept network traffic would be able to use a specifically-crafted certificate to fool Pluto into trusting it to be the intended remote for the TLS session. This results in the HTTP library and socket.starttls providing less transport integrity than expected. This issue has been patched in pull request #851 which has been included in version 0.9.3. Users are advised to upgrade. there are no known workarounds for this vulnerability.
CVE-2024-32969 2026-06-17 N/A 2.7 LOW
vantage6 is an open-source infrastructure for privacy preserving analysis. Collaboration administrators can add extra organizations to their collaboration that can extend their influence. For example, organizations that they include can then create new users for which they know the passwords, and use that to read task results of other collaborations that that organization is involved in. This is only relatively trusted users - with access to manage a collaboration - are able to do this, which reduces the impact. This vulnerability was patched in version 4.5.0rc3.
CVE-2024-32940 1 Intel 1 Raid Web Console 2026-06-17 N/A 6.5 MEDIUM
Improper access control in Intel(R) RAID Web Console software for all versions may allow an authenticated user to potentially enable denial of service via adjacent access.
CVE-2024-32939 1 Mattermost 1 Mattermost 2026-06-17 N/A 4.3 MEDIUM
Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0, 9.8.x <= 9.8.2, when shared channels are enabled, fail to redact remote users' original email addresses stored in user props when email addresses are otherwise configured not to be visible in the local server."
CVE-2024-32483 1 Intel 1 Endpoint Management Assistant 2026-06-17 N/A 8.2 HIGH
Improper access control for some Intel(R) EMA software before version 1.13.1.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-32418 1 Flusity 1 Flusity 2026-06-17 N/A 9.8 CRITICAL
An issue in flusity CMS v2.33 allows a remote attacker to execute arbitrary code via the add_addon.php component.
CVE-2024-32124 1 Fortinet 1 Fortiisolator 2026-06-17 N/A 4.3 MEDIUM
An improper access control vulnerability [CWE-284] in FortiIsolator version 2.4.4, version 2.4.3, 2.3 all versions logging component may allow a remote authenticated read-only attacker to alter logs via a crafted HTTP request.
CVE-2024-32045 1 Mattermost 1 Mattermost Server 2026-06-17 N/A 5.9 MEDIUM
Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1, 8.1.x <= 8.1.12 fail to enforce proper access controls for channel and team membership when linking a playbook run to a channel which allows members to link their runs to private channels they were not members of.
CVE-2024-32044 2026-06-17 N/A 6.8 MEDIUM
Improper access control for some Intel(R) Arc(TM) Pro Graphics for Windows drivers before version 31.0.101.5319 may allow an authenticated user to potentially enable escalation of privilege via adjacent access.
CVE-2024-31967 2026-06-17 N/A 9.1 CRITICAL
A vulnerability on Mitel 6800 Series and 6900 Series SIP Phones through 6.3 SP3 HF4, 6900w Series SIP Phone through 6.3.3, and 6970 Conference Unit through 5.1.1 SP8 allows an unauthenticated attacker to conduct an unauthorized access attack due to improper access control. A successful exploit could allow an attacker to gain unauthorized access to user information or the system configuration.
CVE-2024-31964 2026-06-17 N/A 7.5 HIGH
A vulnerability on Mitel 6800 Series and 6900 Series SIP Phones through 6.3 SP3 HF4, 6900w Series SIP Phone through 6.3.3, and 6970 Conference Unit through 5.1.1 SP8 allows an unauthenticated attacker to conduct an authentication bypass attack due to improper authentication control. A successful exploit could allow an attacker to modify system configuration settings and potentially cause a denial of service.
CVE-2024-31859 1 Mattermost 1 Mattermost Server 2026-06-17 N/A 4.3 MEDIUM
Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1 and 8.1.x <= 8.1.12 fail to perform proper authorization checks which allows a member running a playbook in an existing channel to be promoted to a channel admin
CVE-2024-31846 1 Italtel 1 Embrace 2026-06-17 N/A 7.5 HIGH
An issue was discovered in Italtel Embrace 1.6.4. The web application does not restrict or incorrectly restricts access to a resource from an unauthorized actor.