Weaknesses of type CWE-284

4,436 results
CVE-2026-28837HIGHA logic issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.4. An app may be able to access sensitive user data.EPSS 0.3%CVE-2026-34733MEDIUMAVideo: Unauthenticated File Deletion via PHP Operator Precedence Bug in CLI GuardEPSS 0.3%CVE-2025-53059MEDIUMVulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: OpenSearch Dashboards). Supported versions EPSS 0.3%CVE-2024-45313MEDIUMInsecure default setting for Server Pro installed via Overleaf toolkitEPSS 0.3%CVE-2025-1941CRITICALLock screen setting bypass in Firefox Focus for AndroidEPSS 0.3%CVE-2023-36638MEDIUMAn improper privilege management vulnerability [CWE-269] in FortiManager 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2EPSS 0.3%CVE-2024-44219HIGHA permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.1. A malicious application with rootEPSS 0.3%CVE-2025-31494LOWAutoGPT allows cross-user sharing of node execution results through WebSockets APIEPSS 0.3%CVE-2025-5162MEDIUMH3C SecCenter SMP-E1114P02 importFile unrestricted uploadEPSS 0.3%CVE-2025-10952MEDIUMgeyang ml-logger File server.py stream_handler information disclosureEPSS 0.3%CVE-2025-9406MEDIUMxuhuisheng lemon CmsArticleController.java uploadImage unrestricted uploadEPSS 0.3%CVE-2025-8265MEDIUM299Ko CMS File Management view unrestricted uploadEPSS 0.3%CVE-2025-8738MEDIUMzlt2000 microservices-platform Spring Actuator Interface actuator information disclosureEPSS 0.3%CVE-2026-35271HIGHVulnerability in the PeopleSoft Enterprise PT PeopleTools product of Oracle PeopleSoft (component: Weblogic). Supported versions that are aEPSS 0.3%CVE-2025-4538MEDIUMkkFileView fileUpload unrestricted uploadEPSS 0.3%CVE-2024-20912LOWVulnerability in Oracle Audit Vault and Database Firewall (component: Firewall). Supported versions that are affected are 20.1-20.9. EasilyEPSS 0.3%CVE-2020-36838HIGHFacebook Chat Plugin <= 1.5 - Missing Capabilities CheckEPSS 0.3%CVE-2026-46976HIGHVulnerability in the Oracle Public Sector Payroll product of Oracle E-Business Suite (component: Internal Operations). Supported versions tEPSS 0.3%CVE-2024-5650HIGHDLL Hijacking vulnerability has been found in CENTUM CAMS Log server provided by Yokogawa Electric Corporation. If an attacker is somehow abEPSS 0.3%CVE-2026-42222HIGHnginx-ui: Unauthenticated first-boot instance claim via POST /api/install allows remote bootstrap takeoverEPSS 0.3%