Vulnerabilities (CVE)

Filtered by CWE-284
Total 4416 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-0963 1 Music Gallery Site Project 1 Music Gallery Site 2026-06-17 7.5 HIGH 7.3 HIGH
A vulnerability was found in SourceCodester Music Gallery Site 1.0. It has been rated as critical. This issue affects some unknown processing of the file Users.php of the component POST Request Handler. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221633 was assigned to this vulnerability.
CVE-2023-0811 1 Omron 256 Sysmac Cj2h-cpu64, Sysmac Cj2h-cpu64-eip, Sysmac Cj2h-cpu64-eip Firmware and 253 more 2026-06-17 N/A 9.1 CRITICAL
Omron CJ1M unit v4.0 and prior has improper access controls on the memory region where the UM password is stored. If an adversary issues a PROGRAM AREA WRITE command to a specific memory region, they could overwrite the password. This may lead to disabling UM protections or setting a non-ASCII password (non-keyboard characters) and preventing an engineer from viewing or modifying the user program.
CVE-2023-0744 1 Answer 1 Answer 2026-06-17 N/A 9.8 CRITICAL
Improper Access Control in GitHub repository answerdev/answer prior to 1.0.4.
CVE-2023-0661 1 Devolutions 1 Devolutions Server 2026-06-17 N/A 6.5 MEDIUM
Improper access control in Devolutions Server allows an authenticated user to access unauthorized sensitive data.
CVE-2023-0451 1 Econolite 1 Eos 2026-06-17 N/A 7.5 HIGH
Econolite EOS versions prior to 3.2.23 lack a password requirement for gaining “READONLY” access to log files and certain database and configuration files. One such file contains tables with MD5 hashes and usernames for all defined users in the control software, including administrators and technicians.
CVE-2023-0319 1 Gitlab 1 Gitlab 2026-06-17 N/A 5.8 MEDIUM
An issue has been discovered in GitLab affecting all versions starting from 13.6 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1, allowing to read environment names supposed to be restricted to project memebers only.
CVE-2023-0017 1 Sap 1 Netweaver Application Server For Java 2026-06-17 N/A 9.4 CRITICAL
An unauthenticated attacker in SAP NetWeaver AS for Java - version 7.50, due to improper access control, can attach to an open interface and make use of an open naming and directory API to access services which can be used to perform unauthorized operations affecting users and data on the current system. This could allow the attacker to have full read access to user data, make modifications to user data, and make services within the system unavailable.
CVE-2023-0012 2 Microsoft, Sap 2 Windows, Host Agent 2026-06-17 N/A 6.4 MEDIUM
In SAP Host Agent (Windows) - versions 7.21, 7.22, an attacker who gains local membership to SAP_LocalAdmin could be able to replace executables with a malicious file that will be started under a privileged account. Note that by default all user members of SAP_LocaAdmin are denied the ability to logon locally by security policy so that this can only occur if the system has already been compromised.
CVE-2022-4814 1 Usememos 1 Memos 2026-06-17 N/A 4.3 MEDIUM
Improper Access Control in GitHub repository usememos/memos prior to 0.9.1.
CVE-2022-4810 1 Usememos 1 Memos 2026-06-17 N/A 4.3 MEDIUM
Improper Access Control in GitHub repository usememos/memos prior to 0.9.1.
CVE-2022-4809 1 Usememos 1 Memos 2026-06-17 N/A 8.8 HIGH
Improper Access Control in GitHub repository usememos/memos prior to 0.9.1.
CVE-2022-4807 1 Usememos 1 Memos 2026-06-17 N/A 4.3 MEDIUM
Improper Access Control in GitHub repository usememos/memos prior to 0.9.1.
CVE-2022-4724 1 Ikus-soft 1 Rdiffweb 2026-06-17 N/A 9.8 CRITICAL
Improper Access Control in GitHub repository ikus060/rdiffweb prior to 2.5.5.
CVE-2022-4711 1 Royal-elementor-addons 1 Royal Elementor Addons 2026-06-17 N/A 4.3 MEDIUM
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_save_mega_menu_settings' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to enable and modify Mega Menu settings for any menu item.
CVE-2022-4709 1 Royal-elementor-addons 1 Royal Elementor Addons 2026-06-17 N/A 4.3 MEDIUM
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_import_library_template' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to import and activate templates from the plugin's template library.
CVE-2022-4708 1 Royal-elementor-addons 1 Royal Elementor Addons 2026-06-17 N/A 4.3 MEDIUM
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_save_template_conditions' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to modify the conditions under which templates are displayed.
CVE-2022-4705 1 Royal-elementor-addons 1 Royal Elementor Addons 2026-06-17 N/A 4.3 MEDIUM
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_final_settings_setup' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to finalize activation of preset site configuration templates, which can be chosen and imported via a separate action documented in CVE-2022-4704.
CVE-2022-4704 1 Royal-elementor-addons 1 Royal Elementor Addons 2026-06-17 N/A 5.4 MEDIUM
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_import_templates_kit' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to import preset site configuration templates including images and settings.
CVE-2022-4703 1 Royal-elementor-addons 1 Royal Elementor Addons 2026-06-17 N/A 4.3 MEDIUM
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_reset_previous_import' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to reset previously imported data.
CVE-2022-4702 1 Royal-elementor-addons 1 Royal Elementor Addons 2026-06-17 N/A 5.4 MEDIUM
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_fix_royal_compatibility' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to deactivate every plugin on the site unless it is part of an extremely limited hardcoded selection. This also switches the site to the 'royal-elementor-kit' theme, potentially resulting in availability issues.