Weaknesses of type CWE-284
4,436 resultsCVE-2025-11354MEDIUMcode-projects Online Hotel Reservation System addslideexec.php unrestricted uploadEPSS 0.4%CVE-2025-43308LOWThis issue was addressed with additional entitlement checks. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. AEPSS 0.4%CVE-2025-7175MEDIUMcode-projects E-Commerce Site users_photo.php unrestricted uploadEPSS 0.4%CVE-2023-39376MEDIUMSiberianCMS - CWE-284: Improper Access Control Authorized user may disable a security feature over the networkEPSS 0.4%CVE-2019-6744MEDIUMThis vulnerability allows local attackers to disclose sensitive information on affected installations of Samsung Knox 1.2.02.39 on Samsung GEPSS 0.4%CVE-2022-47407MEDIUMAn issue was discovered in the fp_masterquiz (aka Master-Quiz) extension before 2.2.1, and 3.x before 3.5.1, for TYPO3. An attacker can contEPSS 0.4%CVE-2025-53791MEDIUMMicrosoft Edge (Chromium-based) Security Feature Bypass VulnerabilityEPSS 0.4%CVE-2025-65276CRITICALAn unauthenticated administrative access vulnerability exists in the open-source HashTech project (https://github.com/henzljw/hashtech) 1.0 EPSS 0.4%CVE-2024-13042MEDIUMTsinghua Unigroup Electronic Archives Management System download.html download information disclosureEPSS 0.4%CVE-2024-13134MEDIUMZeroWdd studentmanager TeacherController. java editTeacher unrestricted uploadEPSS 0.4%CVE-2024-39777HIGHMalicious remote can invite itself to an arbitrary local channelEPSS 0.4%CVE-2026-41614MEDIUMM365 Copilot for Desktop Spoofing VulnerabilityEPSS 0.4%CVE-2024-13211MEDIUMSingMR HouseRent AdminController.java access controlEPSS 0.4%CVE-2025-2499MEDIUMClient side access control bypass in the permission component in
Devolutions Remote Desktop Manager on Windows. An authenticated user can eEPSS 0.4%CVE-2022-29160LOWSensitive files/data exist after deletion of user account in Nextcloud AndroidEPSS 0.4%CVE-2025-59333HIGH@executeautomation/database-server does not properly restrict access, bypassing a "read-only" modeEPSS 0.4%CVE-2025-0402MEDIUM1902756969 reggie CommonController.java upload unrestricted uploadEPSS 0.4%CVE-2024-0453MEDIUMAI ChatBot <= 5.3.4 - Missing Authorization via openai_file_delete_callbackEPSS 0.4%CVE-2024-45323MEDIUMAn improper access control vulnerability [CWE-284] in FortiEDR Manager API 6.2.0 through 6.2.2, 6.0 all versions may allow in a shared envirEPSS 0.4%CVE-2025-6870MEDIUMSourceCodester Simple Company Website Content.php unrestricted uploadEPSS 0.4%