Vulnerabilities (CVE)

Filtered by CWE-284
Total 4439 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-26203 1 Microsoft 1 Azure Data Studio 2026-06-17 N/A 7.3 HIGH
Azure Data Studio Elevation of Privilege Vulnerability
CVE-2024-26201 1 Microsoft 1 Intune Company Portal 2026-06-17 N/A 6.6 MEDIUM
Microsoft Intune Linux Agent Elevation of Privilege Vulnerability
CVE-2024-26139 1 Citeum 1 Opencti 2026-06-17 N/A 8.3 HIGH
OpenCTI is an open source platform allowing organizations to manage their cyber threat intelligence knowledge and observables. Due to lack of certain security controls on the profile edit functionality, an authenticated attacker with low privileges can gain administrative privileges on the web application.
CVE-2024-26029 1 Adobe 1 Experience Manager 2026-06-17 N/A 7.5 HIGH
Adobe Experience Manager versions 6.5.20 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain disclose information. Exploitation of this issue does not require user interaction.
CVE-2024-26022 1 Intel 1 Aptio V Uefi Firmware Integrator Tools 2026-06-17 N/A 7.8 HIGH
Improper access control in some Intel(R) UEFI Integrator Tools on Aptio V for Intel(R) NUC may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-25981 2 Fedoraproject, Moodle 2 Fedora, Moodle 2026-06-17 N/A 4.3 MEDIUM
Separate Groups mode restrictions were not honored when performing a forum export, which would export forum data for all groups. By default this only provided additional access to non-editing teachers.
CVE-2024-25980 2 Fedoraproject, Moodle 2 Fedora, Moodle 2026-06-17 N/A 4.3 MEDIUM
Separate Groups mode restrictions were not honored in the H5P attempts report, which would display users from other groups. By default this only provided additional access to non-editing teachers.
CVE-2024-25962 1 Dell 1 Insightiq 2026-06-17 N/A 8.3 HIGH
Dell InsightIQ, version 5.0, contains an improper access control vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to unauthorized access to monitoring data.
CVE-2024-25852 1 Linksys 2 Re7000, Re7000 Firmware 2026-06-17 N/A 8.8 HIGH
Linksys RE7000 v2.0.9, v2.0.11, and v2.0.15 have a command execution vulnerability in the "AccessControlList" parameter of the access control function point. An attacker can use the vulnerability to obtain device administrator rights.
CVE-2024-25830 1 F-logic 2 Datacube3, Datacube3 Firmware 2026-06-17 N/A 9.8 CRITICAL
F-logic DataCube3 v1.0 is vulnerable to Incorrect Access Control due to an improper directory access restriction. An unauthenticated, remote attacker can exploit this, by sending a URI that contains the path of the configuration file. A successful exploit could allow the attacker to extract the root and admin password.
CVE-2024-25811 1 Iteachyou 1 Dreamer Cms 2026-06-17 N/A 6.5 MEDIUM
An access control issue in Dreamer CMS v4.0.1 allows attackers to download backup files and leak sensitive information.
CVE-2024-25736 1 Wyrestorm 2 Apollo Vx20, Apollo Vx20 Firmware 2026-06-17 N/A 7.5 HIGH
An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. Remote attackers can restart the device via a /device/reboot GET request.
CVE-2024-25723 1 Zenml 1 Zenml 2026-06-17 N/A 8.8 HIGH
ZenML Server in the ZenML machine learning package before 0.46.7 for Python allows remote privilege escalation because the /api/v1/users/{user_name_or_id}/activate REST API endpoint allows access on the basis of a valid username along with a new password in the request body. These are also patched versions: 0.44.4, 0.43.1, and 0.42.2.
CVE-2024-25677 1 Minbrowser 1 Min 2026-06-17 N/A 8.8 HIGH
In Min before 1.31.0, local files are not correctly treated as unique security origins, which allows them to improperly request cross-origin resources. For example, a local file may request other local files through an XML document.
CVE-2024-25653 1 Delinea 1 Secret Server 2026-06-17 N/A 4.3 MEDIUM
Broken Access Control in the Report functionality of Delinea PAM Secret Server 11.4 allows unprivileged users, when Unlimited Admin Mode is enabled, to view system reports and modify custom reports via the Report functionality in the Web UI.
CVE-2024-25576 1 Intel 1 Agilex 7 Fpga Firmware 2026-06-17 N/A 7.9 HIGH
improper access control in firmware for some Intel(R) FPGA products before version 24.1 may allow a privileged user to enable escalation of privilege via local access.
CVE-2024-25501 1 Winmail 1 Winmail 2026-06-17 N/A 8.8 HIGH
An issue WinMail v.7.1 and v.5.1 and before allows a remote attacker to execute arbitrary code via a crafted script to the email parameter.
CVE-2024-25251 1 Carmelo 1 Agro-school Management System 2026-06-17 N/A 8.8 HIGH
code-projects Agro-School Management System 1.0 is suffers from Incorrect Access Control.
CVE-2024-25169 1 Jupo 1 Mezzanine 2026-06-17 N/A 9.8 CRITICAL
An issue in Mezzanine v6.0.0 allows attackers to bypass access control mechanisms in the admin panel via a crafted request.
CVE-2024-25133 2026-06-17 N/A 8.8 HIGH
A flaw was found in the Hive ClusterDeployments resource in OpenShift Dedicated. In certain conditions, this issue may allow a developer account on a Hive-enabled cluster to obtain cluster-admin privileges by executing arbitrary commands on the hive/hive-controllers pod.