Weaknesses of type CWE-284

4,435 results
CVE-2024-20302MEDIUMA vulnerability in the tenant security implementation of Cisco Nexus Dashboard Orchestrator (NDO) could allow an authenticated, remote attacEPSS 0.4%CVE-2023-28246HIGHWindows Registry Elevation of Privilege VulnerabilityEPSS 0.4%CVE-2025-66391HIGHIn Citrix Cloud through 2025-11-10, an account with read-only access can trigger the beginning of a workflow for write operations, e.g., theEPSS 0.4%CVE-2025-70985CRITICALIncorrect access control in the update function of RuoYi v4.8.2 allows unauthorized attackers to arbitrarily modify data outside of their scEPSS 0.4%CVE-2024-37568HIGHlepture Authlib before 1.3.1 has algorithm confusion with asymmetric public keys. Unless an algorithm is specified in a jwt.decode call, HMAEPSS 0.4%CVE-2024-2019HIGHWP-DB-Table-Editor <= 1.8.4 - Missing Authorization to Authenticated(Contributor+) Database AccessEPSS 0.4%CVE-2023-28197LOWAn access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Ventura 13.3, macOS Big Sur 11.7.5, macOS MEPSS 0.4%CVE-2025-64669HIGHWindows Admin Center Elevation of Privilege VulnerabilityEPSS 0.4%CVE-2024-8269HIGHMStore API – Create Native Android & iOS Apps On The Cloud <= 4.15.3 - Unauthorized User RegistrationEPSS 0.4%CVE-2025-25381HIGHIncorrect access control in the KSRTC AWATAR app of Karnataka State Road Transport Corporation v1.3.0 allows to view sensitive information sEPSS 0.4%CVE-2023-36635MEDIUMAn improper access control in Fortinet FortiSwitchManager version 7.2.0 through 7.2.2 7.0.0 through 7.0.1 may allow a remote authenticated EPSS 0.4%CVE-2024-37883MEDIUMNextcloud Deck can access comments and attachments of deleted cardsEPSS 0.4%CVE-2024-37887LOWNextcloud Server's events information leaked with shared calendars on recurrence exceptionsEPSS 0.4%CVE-2025-3798MEDIUMWCMS Advertisement Image AdvadminController.php sub unrestricted uploadEPSS 0.4%CVE-2026-20073MEDIUMCisco Secure Firewall Adaptive Security Appliance Software and Cisco Secure Firewall Threat Defense Software Access Control List Bypass VulnerabilityEPSS 0.4%CVE-2025-51532HIGHIncorrect access control in Sage DPW 2024_12_004 and earlier allows unauthorized attackers to access the built-in Database Monitor via a craEPSS 0.4%CVE-2023-3095MEDIUMImproper Access Control in nilsteampassnet/teampassEPSS 0.4%CVE-2025-30754MEDIUMVulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). EPSS 0.4%CVE-2025-69908HIGHAn unauthenticated information disclosure vulnerability in Newgen OmniApp allows attackers to enumerate valid privileged usernames via a pubEPSS 0.4%CVE-2025-45237HIGHIncorrect access control in the component /config/download of DBSyncer v2.0.6 allows attackers to access the JSON file containing sensitive EPSS 0.4%