Weaknesses of type CWE-284
4,436 resultsCVE-2024-7057MEDIUMImproper Access Control in GitLabEPSS 0.4%CVE-2024-40531HIGHA mass assignment vulnerability exists in Pantera CRM versions 401.152 and 402.072. This flaw allows authenticated users to modify any user EPSS 0.4%CVE-2025-2090MEDIUMPHPGurukul Pre-School Enrollment System Sub Admin add-subadmin.php access controlEPSS 0.4%CVE-2025-7895MEDIUMharry0703 MoneyPrinterTurbo File Extension video.py upload_bgm_file unrestricted uploadEPSS 0.4%CVE-2025-31258MEDIUMThis issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.5. An app may be able to break out of its EPSS 0.4%CVE-2026-46776HIGHVulnerability in the Oracle Unified Directory product of Oracle Fusion Middleware (component: OUD Core). Supported versions that are affectEPSS 0.4%CVE-2025-5728MEDIUMSourceCodester Open Source Clinic Management System manage_website.php unrestricted uploadEPSS 0.4%CVE-2024-37884LOWNextcloud Server's users can delete old versions of read-only shared filesEPSS 0.4%CVE-2025-55469CRITICALIncorrect access control in youlai-boot v2.21.1 allows attackers to escalate privileges and access the Administrator backend.EPSS 0.4%CVE-2025-66735HIGHyoulai-boot V2.21.1 is vulnerable to Incorrect Access Control. The getRoleForm function in SysRoleController.java does not perform permissioEPSS 0.4%CVE-2026-25176HIGHWindows Ancillary Function Driver for WinSock Elevation of Privilege VulnerabilityEPSS 0.4%CVE-2022-2995HIGHIncorrect handling of the supplementary groups in the CRI-O container engine might lead to sensitive information disclosure or possible dataEPSS 0.4%CVE-2023-33301MEDIUMAn improper access control vulnerability in Fortinet FortiOS 7.2.0 - 7.2.4 and 7.4.0 allows an attacker to access a restricted resource fromEPSS 0.4%CVE-2022-39421HIGHVulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are PriorEPSS 0.4%CVE-2025-23203MEDIUMIcinga has rest API endpoints accessible to restricted usersEPSS 0.4%CVE-2024-20261MEDIUMA vulnerability in the file policy feature that is used to inspect encrypted archive files of Cisco Firepower Threat Defense (FTD) Software EPSS 0.4%CVE-2025-12276MEDIUMLearnHouse Image information disclosureEPSS 0.4%CVE-2025-4926MEDIUMPHPGurukul Car Rental Project post-avehical.php unrestricted uploadEPSS 0.4%CVE-2025-5059MEDIUMCampcodes Online Shopping Portal edit-subcategory.php unrestricted uploadEPSS 0.4%CVE-2019-15615—A wrong check for the system time in the Android App 3.9.0 causes a bypass of the lock protection when changing the time of the system to thEPSS 0.4%