Weaknesses of type CWE-284

4,436 results
CVE-2025-4258MEDIUMzhangyanbo2007 youkefu MediaController.java upload unrestricted uploadEPSS 0.4%CVE-2026-22566HIGHAn Improper Access Control vulnerability could allow a malicious actor with access to the UniFi Play network to obtain UniFi Play WiFi credeEPSS 0.4%CVE-2025-62720HIGHLinkAce: Data Exfiltration via Export Functions Allow Access to All Users' Private LinksEPSS 0.4%CVE-2026-45178HIGHIdira Secrets Manager Self-Hosted: Improper Access Control in Internal Cluster EndpointsEPSS 0.4%CVE-2019-9530The web root directory of the Cobham EXPLORER 710, firmware version 1.07, has no access restrictions on downloading and reading all filesEPSS 0.4%CVE-2021-37183MEDIUMA vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). The affected software allows sending send-to-EPSS 0.4%CVE-2026-46932HIGHVulnerability in the Oracle Enterprise Asset Management product of Oracle E-Business Suite (component: Internal Operations). Supported versEPSS 0.4%CVE-2026-9495MEDIUMVersions of the package @koa/router from 14.0.0 and before 15.0.0 are vulnerable to Access Control Bypass due to the middleware being silentEPSS 0.4%CVE-2025-20190MEDIUMA vulnerability in the lobby ambassador web interface of Cisco IOS XE Wireless Controller Software could allow an authenticated, remote attaEPSS 0.4%CVE-2025-12347MEDIUMMaxSite CMS save-file-ajax.php unrestricted uploadEPSS 0.4%CVE-2024-1942MEDIUMMattermost versions 8.1.x before 8.1.9, 9.2.x before 9.2.5, and 9.3.0 fail to sanitize the metadata on posts containing permalinks under speEPSS 0.4%CVE-2025-60784MEDIUMA vulnerability in the XiaozhangBang Voluntary Like System V8.8 allows remote attackers to manipulate the zhekou parameter in the /topfirst.EPSS 0.4%CVE-2023-39731The leakage of the client secret in Kaibutsunosato v13.6.1 allows attackers to obtain the channel access token and send crafted broadcast meEPSS 0.4%CVE-2025-12223MEDIUMBdtask Flight Booking Software Package Information package-information unrestricted uploadEPSS 0.4%CVE-2026-2250HIGHUnauthenticated Data Export and Source Code Disclosure via /dbviewer/ in METIS WICEPSS 0.4%CVE-2025-57130HIGHAn Incorrect Access Control vulnerability in the user management component of ZwiiCMS up to v13.6.07 allows a remote, authenticated attackerEPSS 0.4%CVE-2025-7210MEDIUMcode-projects/Fabian Ros Library Management System profile_update.php unrestricted uploadEPSS 0.4%CVE-2023-47858MEDIUMDetails of archived public channels are leaked to members of another teamEPSS 0.4%CVE-2022-33931MEDIUMDell Wyse Management Suite 3.6.1 and below contains an Improper Access control vulnerability in UI. An attacker with no access to Alert ClasEPSS 0.4%CVE-2025-14195MEDIUMcode-projects Employee Profile Management System add_file_query.php unrestricted uploadEPSS 0.4%