Weaknesses of type CWE-284

4,434 results
CVE-2024-1053MEDIUMEvent Tickets and Registration <= 5.8.1 - Missing AuthorizationEPSS 0.4%CVE-2026-28818MEDIUMA logging issue was addressed with improved data redaction. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26EPSS 0.4%CVE-2026-46892CRITICALVulnerability in the JD Edwards EnterpriseOne Human Resources Management product of Oracle JD Edwards (component: Human Resources). The suEPSS 0.4%CVE-2024-12294MEDIUMLast Viewed Posts by WPBeginner <= 1.0.1 - Unauthenticated Sensitive Information ExposureEPSS 0.4%CVE-2018-15371Cisco IOS XE Software Shell Access Authentication Bypass VulnerabilityEPSS 0.4%CVE-2025-7181MEDIUMcode-projects Staff Audit System test.php unrestricted uploadEPSS 0.4%CVE-2025-3566MEDIUMveal98 小牛肉 Echo 开源社区系统 uploadMdPic unrestricted uploadEPSS 0.4%CVE-2026-46930CRITICALVulnerability in the Oracle In-Memory Cost Management for Discrete Industries product of Oracle E-Business Suite (component: Internal OperatEPSS 0.4%CVE-2024-25653MEDIUMBroken Access Control in the Report functionality of Delinea PAM Secret Server 11.4 allows unprivileged users, when Unlimited Admin Mode is EPSS 0.4%CVE-2026-22692MEDIUMOctober CMS: Twig Sandbox Bypass via Collection MethodsEPSS 0.4%CVE-2024-45509CRITICALIn MISP through 2.4.196, app/Controller/BookmarksController.php does not properly restrict access to bookmarks data in the case where the usEPSS 0.4%CVE-2025-25598HIGHIncorrect access control in the scheduled tasks console of Inova Logic CUSTOMER MONITOR (CM) v3.1.757.1 allows attackers to escalate privileEPSS 0.4%CVE-2024-34068MEDIUMServer-side Request Forgery during remote file pull in Pterodactyl wingsEPSS 0.4%CVE-2025-45584HIGHIncorrect access control in the web service of Audi UTR 2.0 Universal Traffic Recorder 2.0 allows attackers to download car information withEPSS 0.4%CVE-2023-6966HIGHThe Moneytizer <= 9.6.3 - Missing Authorization via multiple AJAX actionsEPSS 0.4%CVE-2025-27206MEDIUMAdobe Commerce | Improper Access Control (CWE-284)EPSS 0.4%CVE-2019-20473MEDIUMAn issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. Any SIM card used with the device cannot have a PIN configuEPSS 0.4%CVE-2025-4065MEDIUMScriptAndTools Online-Travling-System addadvertisement.php access controlEPSS 0.4%CVE-2024-6428MEDIUMLimited DoS due to permitting creating users with user-defined IDsEPSS 0.4%CVE-2025-63219HIGHThe ITEL ISO FM SFN Adapter (firmware ISO2 2.0.0.0, WebServer 2.0) is vulnerable to session hijacking due to improper session management on EPSS 0.4%