Vulnerabilities (CVE)

Filtered by CWE-284
Total 4418 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-4703 1 Royal-elementor-addons 1 Royal Elementor Addons 2026-06-17 N/A 4.3 MEDIUM
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_reset_previous_import' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to reset previously imported data.
CVE-2022-4702 1 Royal-elementor-addons 1 Royal Elementor Addons 2026-06-17 N/A 5.4 MEDIUM
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_fix_royal_compatibility' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to deactivate every plugin on the site unless it is part of an extremely limited hardcoded selection. This also switches the site to the 'royal-elementor-kit' theme, potentially resulting in availability issues.
CVE-2022-4700 1 Royal-elementor-addons 1 Royal Elementor Addons 2026-06-17 N/A 5.4 MEDIUM
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_activate_required_theme' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to activate the 'royal-elementor-kit' theme. If no such theme is installed, doing so can also impact site availability as the site attempts to load a nonexistent theme.
CVE-2022-4689 1 Usememos 1 Memos 2026-06-17 N/A 8.8 HIGH
Improper Access Control in GitHub repository usememos/memos prior to 0.9.0.
CVE-2022-4684 1 Usememos 1 Memos 2026-06-17 N/A 8.8 HIGH
Improper Access Control in GitHub repository usememos/memos prior to 0.9.0.
CVE-2022-4567 1 Open-emr 1 Openemr 2026-06-17 N/A 8.1 HIGH
Improper Access Control in GitHub repository openemr/openemr prior to 7.0.0.2.
CVE-2022-4331 1 Gitlab 1 Gitlab 2026-06-17 N/A 5.7 MEDIUM
An issue has been discovered in GitLab EE affecting all versions starting from 15.1 before 15.7.8, all versions starting from 15.8 before 15.8.4, and all versions starting from 15.9 before 15.9.2. If a group with SAML SSO enabled is transferred to a new namespace as a child group, it's possible that a previously removed malicious maintainer or owner of the child group can still gain access to the group via SSO or a SCIM token to perform actions on the group.
CVE-2022-48683 1 Apple 1 Macos 2026-06-17 N/A 7.8 HIGH
An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Ventura 13. An app may be able to break out of its sandbox.
CVE-2022-47699 1 Comfast Project 2 Cf-wr623n, Cf-wr623n Firmware 2026-06-17 N/A 9.8 CRITICAL
COMFAST (Shenzhen Sihai Zhonglian Network Technology Co., Ltd) CF-WR623N Router firmware V2.3.0.1 is vulnerable to Incorrect Access Control.
CVE-2022-47634 1 Isode 1 M-link 2026-06-17 N/A 8.1 HIGH
M-Link Archive Server in Isode M-Link R16.2v1 through R17.0 before R17.0v24 allows non-administrative users to access and manipulate archive data via certain HTTP endpoints, aka LINK-2867.
CVE-2022-47543 1 Siren 1 Investigate 2026-06-17 N/A 5.3 MEDIUM
An issue was discovered in Siren Investigate before 12.1.7. There is an ACL bypass on global objects.
CVE-2022-47542 1 Red-gate 1 Sql Monitor 2026-06-17 N/A 8.8 HIGH
Red Gate SQL Monitor 11.0.14 through 12.1.46 has Incorrect Access Control, exploitable remotely for Escalation of Privileges.
CVE-2022-47407 1 Master-quiz Project 1 Master-quiz 2026-06-17 N/A 6.5 MEDIUM
An issue was discovered in the fp_masterquiz (aka Master-Quiz) extension before 2.2.1, and 3.x before 3.5.1, for TYPO3. An attacker can continue the quiz of a different user. In doing so, the attacker can view that user's answers and modify those answers.
CVE-2022-47037 1 Siklu 9 Tg Firmware, Tg Lr T280, Tg Mpl-261 and 6 more 2026-06-17 N/A 7.5 HIGH
Siklu TG Terragraph devices before 2.1.1 allow attackers to discover valid, randomly generated credentials via GetCredentials.
CVE-2022-47036 2026-06-17 N/A 9.8 CRITICAL
Siklu TG Terragraph devices before approximately 2.1.1 have a hardcoded root password that has been revealed via a brute force attack on an MD5 hash. It can be used for "debug login" by an admin. NOTE: the vulnerability is not fixed by the 2.1.1 firmware; instead, it is fixed in newer hardware, which would typically be used with firmware 2.1.1 or later.
CVE-2022-46892 1 Amperecomputing 4 Ampere Altra, Ampere Altra Firmware, Ampere Altra Max and 1 more 2026-06-17 N/A 9.8 CRITICAL
In Ampere AltraMax and Ampere Altra before 2.10c, improper access controls allow the OS to reinitialize a disabled root complex.
CVE-2022-46890 1 Nexusphp 1 Nexusphp 2026-06-17 N/A 4.3 MEDIUM
Weak access control in NexusPHP before 1.7.33 allows a remote authenticated user to edit any post in the forum (this is caused by a lack of checks performed by the /forums.php?action=post page).
CVE-2022-46664 1 Siemens 1 Mendix Workflow Commons 2026-06-17 N/A 8.1 HIGH
A vulnerability has been identified in Mendix Workflow Commons (All versions < V2.4.0), Mendix Workflow Commons V2.1 (All versions < V2.1.4), Mendix Workflow Commons V2.3 (All versions < V2.3.2). Affected versions of the module improperly handle access control for some module entities. This could allow authenticated remote attackers to read or delete sensitive information.
CVE-2022-46025 1 Totolink 2 N200re V5, N200re V5 Firmware 2026-06-17 N/A 9.1 CRITICAL
Totolink N200RE_V5 V9.3.5u.6255_B20211224 is vulnerable to Incorrect Access Control. The device allows remote attackers to obtain Wi-Fi system information, such as Wi-Fi SSID and Wi-Fi password, without logging into the management page.
CVE-2022-45929 2026-06-17 N/A 8.8 HIGH
Northern.tech Mender 3.3.x before 3.3.2, 3.5.x before 3.5.0, and 3.6.x before 3.6.0 has Incorrect Access Control and allows users to change their roles and could allow privilege escalation from a low-privileged read-only user to a high-privileged user.