Weaknesses of type CWE-284

4,428 results
CVE-2023-46755 (MEDIUM, EPSS 0.4%): Vulnerability of input parameters being not strictly verified in the input. Successful exploitation of this vulnerability may cause the laun
CVE-2024-13022 (MEDIUM, EPSS 0.4%): taisan tarzan-cms Article Management UploadController.java UploadResponse unrestricted upload
CVE-2026-31978 (MEDIUM, EPSS 0.4%): motionEye: Arbitrary File Read via Path Traversal in Picture/Movie Preview Endpoint
CVE-2024-4988 (HIGH, EPSS 0.4%): Improper permission control in com.transsion.videocallenhancer
CVE-2023-20224 (HIGH, EPSS 0.4%): A vulnerability in the CLI of Cisco ThousandEyes Enterprise Agent, Virtual Appliance installation type, could allow an authenticated, local
CVE-2022-47543 (MEDIUM, EPSS 0.4%): An issue was discovered in Siren Investigate before 12.1.7. There is an ACL bypass on global objects.
CVE-2023-47110 (CRITICAL, EPSS 0.4%): Any value can be changed in the configuration table by an employee having access to block reassurance module
CVE-2025-6532 (MEDIUM, EPSS 0.4%): NOYAFA/Xiami LF9 Pro RTSP Live Video Stream Endpoint access control
CVE-2019-6517 (EPSS 0.4%): BD FACSLyric Research Use Only, Windows 10 Professional Operating System, U.S. and Malaysian Releases, between November 2017 and November 20
CVE-2024-13229 (MEDIUM, EPSS 0.4%): Rank Math SEO <= 1.0.235 - Missing Authorization to Authenticated (Contributor+) Arbitrary Schema Deletion
CVE-2024-45870 (MEDIUM, EPSS 0.4%): Bandisoft BandiView 7.05 is vulnerable to Incorrect Access Control in sub_0x3d80fc via a crafted POC file.
CVE-2023-47865 (MEDIUM, EPSS 0.4%): Username and Icon override can be used by members when Hardened Mode is enabled
CVE-2024-48912 (HIGH, EPSS 0.4%): GLPI vulnerable to authenticated insecure account deletion
CVE-2024-52911 (HIGH, EPSS 0.4%): Bitcoin Core through 28.x has a security issue, the details of which are not disclosed. The earliest affected version is 0.14.
CVE-2026-2133 (MEDIUM, EPSS 0.4%): code-projects Online Music Site AdminUpdateCategory.php unrestricted upload
CVE-2020-10139 (HIGH, EPSS 0.4%): Acronis True Image 2021 includes an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory within C:\jenkins_agent\. Acro
CVE-2025-61541 (HIGH, EPSS 0.4%): Webmin 2.510 is vulnerable to a Host Header Injection in the password reset functionality (forgot_send.cgi). The reset link sent to users is
CVE-2025-5171 (MEDIUM, EPSS 0.4%): llisoft MTA Maita Training System OpenController.java this.fileService.download unrestricted upload
CVE-2023-3303 (MEDIUM, EPSS 0.4%): Improper Access Control in admidio/admidio
CVE-2018-17931 (EPSS 0.4%): If an attacker has physical access to the VGo Robot (Versions 3.0.3.52164 and 3.0.3.53662. Prior versions may also be affected) they may be