Weaknesses of type CWE-284
4,436 resultsCVE-2026-42222HIGHnginx-ui: Unauthenticated first-boot instance claim via POST /api/install allows remote bootstrap takeoverEPSS 0.3%CVE-2017-12340—A vulnerability in Cisco NX-OS System Software running on Cisco MDS Multilayer Director Switches, Cisco Nexus 7000 Series Switches, and CiscEPSS 0.3%CVE-2025-14582MEDIUMcampcodes Online Student Enrollment System index.php unrestricted uploadEPSS 0.3%CVE-2026-35305CRITICALVulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Centralized Third Party Jars). The supported versionEPSS 0.3%CVE-2023-50181MEDIUMAn improper access control vulnerability [CWE-284] in Fortinet FortiADC version 7.4.0 through 7.4.1 and before 7.2.4 allows a read only autEPSS 0.3%CVE-2024-39839MEDIUMRemote username set to an arbitrary string by remote userEPSS 0.3%CVE-2025-13250MEDIUMWeiYe-Jing datax-web Job triggerJob access controlEPSS 0.3%CVE-2026-46906CRITICALVulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Enterprise Infrastructure Security). SupportedEPSS 0.3%CVE-2023-52164MEDIUMaccess_device.cgi on Digiever DS-2105 Pro 3.1.0.71-11 devices allows arbitrary file read. NOTE: This vulnerability only affects products thaEPSS 0.3%CVE-2025-8965MEDIUMlinlinjava litemall Endpoint AdminStorageController.java create unrestricted uploadEPSS 0.3%CVE-2025-69822HIGHAn issue in Atomberg Atomberg Erica Smart Fan Firmware Version: V1.0.36 allows an attacker to obtain sensitive information and escalate privEPSS 0.3%CVE-2024-36441MEDIUMSwissphone DiCal-RED 4009 devices allow an unauthenticated attacker use a port-2101 TCP connection to gain access to operation messages thatEPSS 0.3%CVE-2023-41311—Permission control vulnerability in the audio module. Successful exploitation of this vulnerability may cause an app to be activated automatEPSS 0.3%CVE-2025-14642MEDIUMcode-projects Computer Laboratory System technical_staff_pic.php unrestricted uploadEPSS 0.3%CVE-2025-14641MEDIUMcode-projects Computer Laboratory System admin_pic.php unrestricted uploadEPSS 0.3%CVE-2026-8147HIGHAuthorization Bypass in mlflow/mlflowEPSS 0.3%CVE-2025-5382MEDIUMImproper access control in users MFA feature in Devolutions Server 2025.1.7.0 and earlier allows a user with user management permission to rEPSS 0.3%CVE-2026-46939HIGHVulnerability in the Oracle Configure to Order product of Oracle E-Business Suite (component: Supply to Order Workbench). Supported versionEPSS 0.3%CVE-2026-46891HIGHVulnerability in the JD Edwards EnterpriseOne Accounts Payable product of Oracle JD Edwards (component: Accounts Payable). The supported vEPSS 0.3%CVE-2019-1866LOWCisco Webex Business Suite Host Header Value Integrity VulnerabilityEPSS 0.3%