Vulnerabilities (CVE)

Filtered by CWE-284
Total 4417 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-27088 1 Feiqu-opensource Project 1 Feiqu-opensource 2026-06-17 N/A 8.8 HIGH
feiqu-opensource Background Vertical authorization vulnerability exists in IndexController.java. Demo users with low permission can perform operations within the permission of the admin super administrator and can use this vulnerability to change the blacklist IP address in the system at will.
CVE-2023-26770 1 Taskcafe Project 1 Taskcafe 2026-06-17 N/A 9.8 CRITICAL
TaskCafe 0.3.2 lacks validation in the Cookie value. Any unauthenticated attacker who knows a registered UserID can change the password of that user.
CVE-2023-26596 1 Intel 1 Thunderbolt Dch Driver 2026-06-17 N/A 2.5 LOW
Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable denial of service via local access.
CVE-2023-26585 1 Intel 1 Thunderbolt Dch Driver 2026-06-17 N/A 5.0 MEDIUM
Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable denial of service via local access.
CVE-2023-26460 1 Sap 1 Netweaver Application Server For Java 2026-06-17 N/A 5.3 MEDIUM
Cache Management Service in SAP NetWeaver Application Server for Java - version 7.50, does not perform any authentication checks for functionalities that require user identity.
CVE-2023-26360 1 Adobe 1 Coldfusion 2026-06-17 N/A 8.6 HIGH
Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction.
CVE-2023-25777 1 Intel 1 Thunderbolt Dch Driver 2026-06-17 N/A 7.9 HIGH
Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-25595 1 Arubanetworks 1 Clearpass Policy Manager 2026-06-17 N/A 5.5 MEDIUM
A vulnerability exists in the ClearPass OnGuard Ubuntu agent that allows for an attacker with local Ubuntu instance access to potentially obtain sensitive information. Successful exploitation of this vulnerability allows an attacker to retrieve information that is of a sensitive nature to the ClearPass/OnGuard environment.
CVE-2023-25174 1 Intel 1 Chipset Device Software 2026-06-17 N/A 6.7 MEDIUM
Improper access control in some Intel(R) Chipset Driver Software before version 10.1.19444.8378 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-25073 1 Intel 1 Driver & Support Assistant 2026-06-17 N/A 5.5 MEDIUM
Improper access control in some Intel(R) DSA software before version 23.4.33 may allow an authenticated user to potentially enable denial of service via local access.
CVE-2023-24905 1 Microsoft 5 Windows 10 20h2, Windows 10 21h2, Windows 10 22h2 and 2 more 2026-06-17 N/A 7.8 HIGH
Remote Desktop Client Remote Code Execution Vulnerability
CVE-2023-24688 1 Mojoportal 1 Mojoportal 2026-06-17 N/A 5.3 MEDIUM
An issue in Mojoportal v2.7.0.0 allows an unauthenticated attacker to register a new user even if the Allow User Registrations feature is disabled.
CVE-2023-24544 1 Buffalo 24 Bs-gs2008, Bs-gs2008 Firmware, Bs-gs2008p and 21 more 2026-06-17 N/A 8.1 HIGH
Improper access control vulnerability in Buffalo network devices allows a network-adjacent attacker to obtain specific files of the product. As a result, the product settings may be altered. The affected products and versions are as follows: BS-GSL2024 firmware Ver. 1.10-0.03 and earlier, BS-GSL2016P firmware Ver. 1.10-0.03 and earlier, BS-GSL2016 firmware Ver. 1.10-0.03 and earlier, BS-GS2008 firmware Ver. 1.0.10.01 and earlier, BS-GS2016 firmware Ver. 1.0.10.01 and earlier, BS-GS2024 firmware Ver. 1.0.10.01 and earlier, BS-GS2048 firmware Ver. 1.0.10.01 and earlier, BS-GS2008P firmware Ver. 1.0.10.01 and earlier, BS-GS2016P firmware Ver. 1.0.10.01 and earlier, and BS-GS2024P firmware Ver. 1.0.10.01 and earlier.
CVE-2023-24481 1 Intel 1 Thunderbolt Dch Driver 2026-06-17 N/A 6.3 MEDIUM
Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-24468 1 Microfocus 1 Netiq Advanced Authentication 2026-06-17 N/A 9.8 CRITICAL
Broken access control in Advanced Authentication versions prior to 6.4.1.1 and 6.3.7.2
CVE-2023-24425 1 Jenkins 1 Kubernetes Credentials Provider 2026-06-17 N/A 6.5 MEDIUM
Jenkins Kubernetes Credentials Provider Plugin 1.208.v128ee9800c04 and earlier does not set the appropriate context for Kubernetes credentials lookup, allowing attackers with Item/Configure permission to access and potentially capture Kubernetes credentials they are not entitled to.
CVE-2023-24320 1 Axcora 1 Axcora 2026-06-17 N/A 9.8 CRITICAL
An access control issue in Axcora POS #0~gitf77ec09 allows unauthenticated attackers to execute arbitrary commands via unspecified vectors.
CVE-2023-24215 2026-06-17 N/A 9.1 CRITICAL
Incorrect access control in the /uci/get/ endpoint of NOVUS AirGate 4G firmware v1.1.16 allows unauthenticated attackers to obtain administrator credentials via a crafted POST request.
CVE-2023-24058 1 Twinkletoessoftware 1 Booked 2026-06-17 N/A 4.3 MEDIUM
Booked Scheduler 2.5.5 allows authenticated users to create and schedule events for any other user via a modified userId value to reservation_save.php. NOTE: 2.5.5 is a version from 2014; the latest version of Booked Scheduler is not affected. However, LabArchives Scheduler (Sep 6, 2022 Feature Release) is affected.
CVE-2023-24028 1 Misp-project 1 Misp 2026-06-17 N/A 9.8 CRITICAL
In MISP 2.4.167, app/Controller/Component/ACLComponent.php has incorrect access control for the decaying import function.