Weaknesses of type CWE-284

4,434 results
CVE-2023-5976MEDIUMImproper Access Control in microweber/microweberEPSS 0.4%CVE-2025-56274HIGHSourceCodester Web-based Pharmacy Product Management System 1.0 is vulnerable to Incorrect Access Control, which allows low-privileged usersEPSS 0.4%CVE-2023-6073MEDIUMDoS and Control of Volume Settings for VW ID.3 ICAS3 IVI ECUEPSS 0.4%CVE-2025-32726MEDIUMVisual Studio Code Elevation of Privilege VulnerabilityEPSS 0.4%CVE-2024-39327CRITICALIncorrect Access Control vulnerability in Atos Eviden IDRA before 2.6.1 could allow the possibility to obtain CA signing in an illegitimate EPSS 0.4%CVE-2025-54968HIGHAn issue was discovered in BAE SOCET GXP before 4.6.0.2. The SOCET GXP Job Service does not require authentication. In some configurations, EPSS 0.4%CVE-2026-1707HIGHRestore restriction bypass via key disclosure vulnerability (pgAdmin 4)EPSS 0.4%CVE-2023-50343HIGHImproper Access Control (Controller APIs) affects DRYiCE MyXalyticsEPSS 0.4%CVE-2024-21114HIGHVulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are PrioEPSS 0.4%CVE-2025-41737HIGHImproper access control via php endpointEPSS 0.4%CVE-2026-20750CRITICALGitea Organization Projects Cross-Organization Authorization Bypass via Project ID (IDOR)EPSS 0.4%CVE-2019-1601HIGHCisco NX-OS Software Unauthorized Filesystem Access VulnerabilityEPSS 0.4%CVE-2025-12808MEDIUMImproper access control in Devolutions allows a View-only user to retrieve sensitive third-level nested fields, such as password lists custoEPSS 0.4%CVE-2024-21112HIGHVulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are PrioEPSS 0.4%CVE-2026-39310HIGHTrilium Notes: Authentication Bypass in Clipper API for Electron (Desktop) BuildsEPSS 0.4%CVE-2026-2742MEDIUMUnauthorized session creation via reserved framework path accessEPSS 0.4%CVE-2026-46805CRITICALVulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). The supported version that EPSS 0.4%CVE-2025-8504MEDIUMcode-projects Kitchen Treasure userregistration.php unrestricted uploadEPSS 0.4%CVE-2025-25616HIGHUnifiedtransform 2.0 is vulnerable to Incorrect Access Control, which allows students to modify rules for exams. The affected endpoint is /eEPSS 0.4%CVE-2026-46795CRITICALVulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). The supported version that EPSS 0.4%