Weaknesses of type CWE-284

4,443 results
CVE-2025-9461MEDIUMdiyhi bbs File Compression FilePackageManageAction.java information disclosureEPSS 0.3%CVE-2023-3096MEDIUMKylinSoft kylin-software-properties changedSource access controlEPSS 0.3%CVE-2022-26308LOWImproper Access Control in Configuration (Credential store)EPSS 0.3%CVE-2024-1887MEDIUMPublic channel post content accessible without membership when compliance export is enabledEPSS 0.3%CVE-2025-13815MEDIUMmoxi159753 Mogu Blog v2 pictures unrestricted uploadEPSS 0.3%CVE-2025-47993HIGHMicrosoft PC Manager Elevation of Privilege VulnerabilityEPSS 0.3%CVE-2025-0743MEDIUMImproper Access Control vulnerability in EmbedAIEPSS 0.3%CVE-2024-41806MEDIUMOpen edX Platform's instructor upload CSV for cohort creation not Private by DefaultEPSS 0.3%CVE-2024-1888MEDIUMExisting server guests invited to the team by members without "invite_guest" permissionEPSS 0.3%CVE-2026-24290HIGHWindows Projected File System Elevation of Privilege VulnerabilityEPSS 0.3%CVE-2024-29221MEDIUMInvite ID available to team admins even without the "Add Members" permissionEPSS 0.3%CVE-2025-10371MEDIUMeCharge Hardy Barth Salia PLCC api.php unrestricted uploadEPSS 0.3%CVE-2026-23495MEDIUMPimcore's Admin Classic Bundle is Missing Function Level Authorization on "Predefined Properties" ListingEPSS 0.3%CVE-2026-46819CRITICALVulnerability in the Oracle Internet Procurement Connector product of Oracle E-Business Suite (component: Internal Operations). Supported vEPSS 0.3%CVE-2025-13544MEDIUMashraf-kabir travel-agency customer_register.php unrestricted uploadEPSS 0.3%CVE-2025-43027CRITICALA critical severity vulnerability has been identified in the ALPR Manager role of Security Center that could allow attackers to gain adminisEPSS 0.3%CVE-2025-30141HIGHAn issue was discovered on G-Net Dashcam BB GONX devices. One can Remotely Dump Video Footage and the Live Video Stream. It exposes API endpEPSS 0.3%CVE-2020-11931LOWUbuntu modifications to pulseaudio to provide snap security enforcement could be unloadedEPSS 0.3%CVE-2024-24487MEDIUMAn issue discovered in silex technology DS-600 Firmware v.1.4.1 allows a remote attacker to cause a denial of service via crafted UDP packetEPSS 0.3%CVE-2025-29270CRITICALIncorrect access control in the realtime.cgi endpoint of Deep Sea Electronics devices DSE855 v1.1.0 to v1.1.26 allows attackers to gain acceEPSS 0.3%