Vulnerabilities (CVE)

Filtered by CWE-284
Total 4436 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-50343 1 Hcltech 1 Dryice Myxalytics 2026-06-17 N/A 8.3 HIGH
HCL DRYiCE MyXalytics is impacted by an Improper Access Control (Controller APIs) vulnerability. Certain API endpoints are accessible to Customer Admin Users that can allow access to sensitive information about other users.
CVE-2023-50341 1 Hcltech 1 Dryice Myxalytics 2026-06-17 N/A 7.6 HIGH
HCL DRYiCE MyXalytics is impacted by Improper Access Control (Obsolete web pages) vulnerability. Discovery of outdated and accessible web pages, reflects a "Missing Access Control" vulnerability, which could lead to inadvertent exposure of sensitive information and/or exposing a vulnerable endpoint.
CVE-2023-50300 1 Ibm 1 Transformation Extender Advanced 2026-06-17 N/A 5.1 MEDIUM
IBM Transformation Extender Advanced 10.0.1 could allow a local user to perform unauthorized actions due to improper access controls.
CVE-2023-50257 1 Eprosima 1 Fast Dds 2026-06-17 N/A 9.6 CRITICAL
eProsima Fast DDS (formerly Fast RTPS) is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Even with the application of SROS2, due to the issue where the data (`p[UD]`) and `guid` values used to disconnect between nodes are not encrypted, a vulnerability has been discovered where a malicious attacker can forcibly disconnect a Subscriber and can deny a Subscriber attempting to connect. Afterwards, if the attacker sends the packet for disconnecting, which is data (`p[UD]`), to the Global Data Space (`239.255.0.1:7400`) using the said Publisher ID, all the Subscribers (Listeners) connected to the Publisher (Talker) will not receive any data and their connection will be disconnected. Moreover, if this disconnection packet is sent continuously, the Subscribers (Listeners) trying to connect will not be able to do so. Since the initial commit of the `SecurityManager.cpp` code (`init`, `on_process_handshake`) on Nov 8, 2016, the Disconnect Vulnerability in RTPS Packets Used by SROS2 has been present prior to versions 2.13.0, 2.12.2, 2.11.3, 2.10.3, and 2.6.7.
CVE-2023-50181 1 Fortinet 1 Fortiadc 2026-06-17 N/A 4.9 MEDIUM
An improper access control vulnerability [CWE-284] in Fortinet FortiADC version 7.4.0 through 7.4.1 and before 7.2.4 allows a read only authenticated attacker to perform some write actions via crafted HTTP or HTTPS requests.
CVE-2023-50159 1 Scalefusion 1 Scalefusion 2026-06-17 N/A 8.8 HIGH
In ScaleFusion (Windows Desktop App) agent 10.5.2, Kiosk mode application restrictions can be bypassed allowing arbitrary code to be executed. This is fixed in 10.5.7 by preventing the launching of the file explorer in Agent-based Multi-App and Single App Kiosk mode.
CVE-2023-4696 1 Usememos 1 Memos 2026-06-17 N/A 9.8 CRITICAL
Improper Access Control in GitHub repository usememos/memos prior to 0.13.2.
CVE-2023-4650 1 Instantcms 1 Instantcms 2026-06-17 N/A 4.7 MEDIUM
Improper Access Control in GitHub repository instantsoft/icms2 prior to 2.16.1-git.
CVE-2023-4183 1 Inventory Management System Project 1 Inventory Management System 2026-06-17 4.0 MEDIUM 4.3 MEDIUM
A vulnerability has been found in SourceCodester Inventory Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file edit_update.php of the component Password Handler. The manipulation of the argument user_id leads to improper access controls. The attack can be initiated remotely. VDB-236218 is the identifier assigned to this vulnerability.
CVE-2023-49978 1 Oretnom23 1 Customer Support System 2026-06-17 N/A 8.8 HIGH
Incorrect access control in Customer Support System v1 allows non-administrator users to access administrative pages and execute actions reserved for administrators.
CVE-2023-49961 1 Wallix 2 Bastion, Bastion Access Manager 2026-06-17 N/A 7.5 HIGH
WALLIX Bastion 7.x, 8.x, 9.x and 10.x and WALLIX Access Manager 3.x and 4.x have Incorrect Access Control which can lead to sensitive data exposure.
CVE-2023-49931 1 Couchbase 1 Couchbase Server 2026-06-17 N/A 9.8 CRITICAL
An issue was discovered in Couchbase Server before 7.2.4. SQL++ cURL calls to /diag/eval are not sufficiently restricted.
CVE-2023-49930 1 Couchbase 1 Couchbase Server 2026-06-17 N/A 9.8 CRITICAL
An issue was discovered in Couchbase Server before 7.2.4. cURL calls to /diag/eval are not sufficiently restricted.
CVE-2023-49791 1 Nextcloud 1 Nextcloud Server 2026-06-17 N/A 5.4 MEDIUM
Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. In Nextcloud Server prior to versions 26.0.9 and 27.1.4; as well as Nextcloud Enterprise Server prior to versions 23.0.12.13, 24.0.12.9, 25.0.13.4, 26.0.9, and 27.1.4; when an attacker manages to get access to an active session of another user via another way, they could delete and modify workflows by sending calls directly to the API bypassing the password confirmation shown in the UI. Nextcloud Server versions 26.0.9 and 27.1.4 and Nextcloud Enterprise Server versions 23.0.12.13, 24.0.12.9, 25.0.13.4, 26.0.9, and 27.1.4 contain a patch for this issue. No known workarounds are available.
CVE-2023-49545 1 Oretnom23 1 Customer Support System 2026-06-17 N/A 7.5 HIGH
A directory listing vulnerability in Customer Support System v1 allows attackers to list directories and sensitive files within the application without requiring authorization.
CVE-2023-49543 1 Book Store Management System Project 1 Book Store Management System 2026-06-17 N/A 9.8 CRITICAL
Incorrect access control in Book Store Management System v1 allows attackers to access unauthorized pages and execute administrative functions without authenticating.
CVE-2023-49473 2026-06-17 N/A 9.8 CRITICAL
Shenzhen JF6000 Cloud Media Collaboration Processing Platform firmware version V1.2.0 and software version V2.0.0 build 6245 is vulnerable to Incorrect Access Control.
CVE-2023-49099 1 Discourse 1 Discourse 2026-06-17 N/A 3.1 LOW
Discourse is a platform for community discussion. Under very specific circumstances, secure upload URLs associated with posts can be accessed by guest users even when login is required. This vulnerability has been patched in 3.2.0.beta4 and 3.1.4.
CVE-2023-49098 1 Discourse 1 Discourse Reactions 2026-06-17 N/A 3.5 LOW
Discourse-reactions is a plugin that allows user to add their reactions to the post. Data about a user's reaction notifications could be exposed. This vulnerability was patched in commit 2c26939.
CVE-2023-48441 1 Adobe 1 Experience Manager 2026-06-17 N/A 5.3 MEDIUM
Adobe Experience Manager versions 6.5.18 and earlier are affected by an Improper Access Control vulnerability. An attacker could leverage this vulnerability to achieve a low-confidentiality impact within the application. Exploitation of this issue does not require user interaction.