Vulnerabilities (CVE)

Filtered by CWE-284
Total 4417 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-2946 1 Open-emr 1 Openemr 2026-06-17 N/A 8.1 HIGH
Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1.
CVE-2023-2944 1 Open-emr 1 Openemr 2026-06-17 N/A 5.4 MEDIUM
Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1.
CVE-2023-2940 1 Google 1 Chrome 2026-06-17 N/A 6.5 MEDIUM
Inappropriate implementation in Downloads in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium)
CVE-2023-2903 1 Nfine 1 Nfine Rapid Development Platform 2026-06-17 4.0 MEDIUM 4.3 MEDIUM
A vulnerability classified as problematic has been found in NFine Rapid Development Platform 20230511. This affects an unknown part of the file /SystemManage/Role/GetGridJson?keyword=&page=1&rows=20. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-229977 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2023-2674 1 Open-emr 1 Openemr 2026-06-17 N/A 4.3 MEDIUM
Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1.
CVE-2023-2429 1 Phpmyfaq 1 Phpmyfaq 2026-06-17 N/A 9.8 CRITICAL
Improper Access Control in GitHub repository thorsten/phpmyfaq prior to 3.1.13.
CVE-2023-2202 1 Rosariosis 1 Rosariosis 2026-06-17 N/A 6.5 MEDIUM
Improper Access Control in GitHub repository francoisjacquet/rosariosis prior to 10.9.3.
CVE-2023-2159 1 Niteothemes 1 Cmp 2026-06-17 N/A 5.3 MEDIUM
The CMP – Coming Soon & Maintenance plugin for WordPress is vulnerable to Maintenance Mode Bypass in versions up to, and including, 4.1.7. A correct cmp_bypass GET parameter in the URL (equal to the md5-hashed home_url in the default setting) allows users to visit a site placed in maintenance mode thus bypassing the plugin's provided feature.
CVE-2023-2104 1 Easyappointments 1 Easyappointments 2026-06-17 N/A 5.4 MEDIUM
Improper Access Control in GitHub repository alextselegidis/easyappointments prior to 1.5.0.
CVE-2023-29924 1 Powerjob 1 Powerjob 2026-06-17 N/A 9.8 CRITICAL
PowerJob V4.3.1 is vulnerable to Incorrect Access Control that allows for remote code execution.
CVE-2023-29922 1 Powerjob 1 Powerjob 2026-06-17 N/A 5.3 MEDIUM
PowerJob V4.3.1 is vulnerable to Incorrect Access Control via the create user/save interface.
CVE-2023-29921 1 Powerjob 1 Powerjob 2026-06-17 N/A 5.3 MEDIUM
PowerJob V4.3.1 is vulnerable to Incorrect Access Control via the create app interface.
CVE-2023-29586 1 Codesector 1 Teracopy 2026-06-17 N/A 5.5 MEDIUM
Code Sector TeraCopy 3.9.7 does not perform proper access validation on the source folder during a copy operation. This leads to Arbitrary File Read by allowing any user to copy any directory in the system to a directory they control. NOTE: the Supplier disputes this because only admin users can copy arbitrary folders, and because the 143984 reference is about a different concern (unrelated to directory copying) that was fixed in 3.5b.
CVE-2023-29513 1 Xwiki 1 Xwiki 2026-06-17 N/A 5.0 MEDIUM
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. If guest has view right on any document, it's possible to create a new user using the `distribution/firstadminuser.wiki` in the wrong context. This vulnerability has been patched in XWiki 15.0-rc-1 and 14.10.1. There is no known workaround other than upgrading.
CVE-2023-29164 2026-06-17 N/A 7.3 HIGH
Improper access control in BMC Firmware for the Intel(R) Server Board S2600WF, Intel(R) Server Board S2600ST, Intel(R) Server Board S2600BP, before version 02.01.0017 and Intel(R) Server Board M50CYP and Intel(R) Server Board D50TNP before version R01.01.0009 may allow an authenticated user to enable escalation of privilege via local access.
CVE-2023-29140 1 Mediawiki 1 Mediawiki 2026-06-17 N/A 5.3 MEDIUM
An issue was discovered in the GrowthExperiments extension for MediaWiki through 1.39.3. Attackers might be able to see edits for which the username has been hidden, because there is no check for rev_deleted.
CVE-2023-29121 1 Enelx 2 Waybox Pro, Waybox Pro Firmware 2026-06-17 N/A 9.6 CRITICAL
Waybox Enel TCF Agent service could be used to get administrator’s privileges over the Waybox system.
CVE-2023-29115 1 Enelx 2 Waybox Pro, Waybox Pro Firmware 2026-06-17 N/A 6.5 MEDIUM
In certain conditions a request directed to the Waybox Enel X Web management application could cause a denial-of-service (e.g. reboot).
CVE-2023-29113 2026-06-17 N/A 6.3 MEDIUM
The MIB3 infotainment unit used in Skoda and Volkswagen vehicles does not incorporate any privilege separation for the proprietary inter-process communication mechanism, giving attackers with a presence in the system the ability to undermine access control restrictions implemented at the operating system level. The vulnerability was originally discovered in a Skoda Superb III car with MIB3 infotainment unit OEM part number 3V0035820. The list of affected MIB3 OEM part numbers is provided in the referenced resources.
CVE-2023-28907 2026-06-17 N/A 6.7 MEDIUM
There is no memory isolation between CPU cores of the MIB3 infotainment. This fact allows an attacker with access to the main operating system to compromise the CPU core responsible for CAN message processing. The vulnerability was originally discovered in Skoda Superb III car with MIB3 infotainment unit OEM part number 3V0035820. The list of affected MIB3 OEM part numbers is provided in the referenced resources.