Weaknesses of type CWE-284
4,443 resultsCVE-2025-13785MEDIUMyungifez Skuul School Management System Image profile information disclosureEPSS 0.3%CVE-2024-30481MEDIUMWordPress JCH Optimize plugin <= 4.0.0 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-5484MEDIUMBookStackApp BookStack Chapter Export ExportFormatter.php chapterToMarkdown access controlEPSS 0.3%CVE-2025-20144MEDIUMCisco IOS XR Software Access Control List Bypass VulnerabilityEPSS 0.3%CVE-2025-8526MEDIUMExrick xboot UploadController.java upload unrestricted uploadEPSS 0.3%CVE-2025-10763MEDIUMacademico-sis academico Profile Picture edit-photo unrestricted uploadEPSS 0.3%CVE-2022-36851LOWImproper access control vulnerability in Samsung pass prior to version 4.0.03.1 allow physical attackers to access data of Samsung pass on aEPSS 0.3%CVE-2025-0740HIGHImproper Access Control vulnerability in EmbedAIEPSS 0.3%CVE-2025-2031MEDIUMChestnutCMS upload uploadFile unrestricted uploadEPSS 0.3%CVE-2026-28922MEDIUMThis issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26EPSS 0.3%CVE-2025-0739HIGHImproper Access Control vulnerability in EmbedAIEPSS 0.3%CVE-2024-20929MEDIUMVulnerability in the Oracle Application Object Library product of Oracle E-Business Suite (component: DB Privileges). Supported versions thEPSS 0.3%CVE-2024-21169MEDIUMVulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Partners). Supported versions that are affected are 12EPSS 0.3%CVE-2023-52099HIGHVulnerability of foreground service restrictions being bypassed in the NMS module. Successful exploitation of this vulnerability may affect EPSS 0.3%CVE-2023-49099LOWDiscourse secure uploads accessible to guests even when login is requiredEPSS 0.3%CVE-2026-0898CRITICALAn arbitrary file-write vulnerability in Pega Browser Extension (PBE) affects Pega Robot Studio developers who are automating Google Chrome and Microsoft Edge using either version 22.1 or R25.EPSS 0.3%CVE-2022-41324MEDIUMNorthern.tech Mender 3.3.x before 3.3.2 and 3.4.x before 3.4.0 has Incorrect Access Control and allows low-privileged users default read accEPSS 0.3%CVE-2024-7424MEDIUMMultiple Page Generator Plugin – MPG <= 4.0.1 - Missing AuthorizationEPSS 0.3%CVE-2026-1078HIGHAn arbitrary file-write vulnerability in Pega Browser Extension (PBE) affects Pega Robotic Automation version 22.1 or R25 users who are running automations that work with Google Chrome or Microsoft Edge.EPSS 0.3%CVE-2023-21901HIGHVulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (comEPSS 0.3%