Weaknesses of type CWE-284
4,432 resultsCVE-2026-1196LOWMineAdmin getFileInfoById information disclosureEPSS 0.4%CVE-2026-52844HIGHCaddy: Windows `file_server` path authorization bypass via encoded backslashEPSS 0.4%CVE-2024-1044MEDIUMCustomer Reviews for WooCommerce <= 5.38.10 - Improper Authorization via submit_reviewEPSS 0.4%CVE-2025-47794LOWNextcloud Server vulnerable to insecure temporary file creation, race with write access and permissionEPSS 0.4%CVE-2021-24752—Multiple Plugins from CatchThemes - Unauthorised Plugin's Setting ChangeEPSS 0.4%CVE-2024-5840MEDIUMPolicy bypass in CORS in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to bypass discretionary access control via a craftedEPSS 0.4%CVE-2024-20283MEDIUMA vulnerability in Cisco Nexus Dashboard could allow an authenticated, remote attacker to learn cluster deployment information on an affecteEPSS 0.4%CVE-2025-48869HIGHHorilla Unauthorized Access to Candidate Resume Files Due to Broken Access ControlEPSS 0.4%CVE-2026-28974HIGHThis issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS SequoiEPSS 0.4%CVE-2025-67015HIGHIncorrect access control in Comtech EF Data CDM-625 / CDM-625A Advanced Satellite Modem with firmware v2.5.1 allows attackers to change the EPSS 0.4%CVE-2024-52928CRITICALArc before 1.26.1 on Windows has a bypass issue in the site settings that allows websites (with previously granted permissions) to add new pEPSS 0.4%CVE-2025-1260CRITICALOn affected platforms running Arista EOS with OpenConfig configured, a gNOI request can be run when it should have been rejected.EPSS 0.4%CVE-2024-6796HIGHVulnerability in Baxter Connex Health PortalEPSS 0.4%CVE-2022-38355HIGHDaikin SVMPC1 version 2.1.22 and prior and SVMPC2 version 1.2.3 and prior are vulnerable to
attackers with access to the local area networEPSS 0.4%CVE-2024-37993MEDIUMA vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions < V4.2), SIMATIC Reader RF610R ETSI (6EPSS 0.4%CVE-2024-46412MEDIUMIncorrect access control in the prehandle function of Rebuild v3.7.7 allows attackers to bypass authentication via a crafted GET request senEPSS 0.4%CVE-2026-20949HIGHMicrosoft Excel Security Feature Bypass VulnerabilityEPSS 0.4%CVE-2025-52289HIGHA Broken Access Control vulnerability in MagnusBilling v7.8.5.3 allows newly registered users to gain escalated privileges by sending a crafEPSS 0.4%CVE-2026-46949CRITICALVulnerability in the Oracle Advanced Outbound Telephony product of Oracle E-Business Suite (component: Internal Operations). Supported versEPSS 0.4%CVE-2025-59201HIGHNetwork Connection Status Indicator (NCSI) Elevation of Privilege VulnerabilityEPSS 0.4%