Weaknesses of type CWE-284

4,443 results
CVE-2024-12370MEDIUMWP Hotel Booking <= 2.1.5 - Missing AuthorizationEPSS 0.3%CVE-2026-0881CRITICALSandbox escape in the Messaging System componentEPSS 0.3%CVE-2026-3209MEDIUMfosrl Pangolin Role verifyApiKeyRoleAccess access controlEPSS 0.3%CVE-2025-60291CRITICALAn issue was discovered in eTimeTrackLite Web thru 12.0 (20250704). There is a permission control flaw that allows unauthorized attackers toEPSS 0.3%CVE-2025-11320MEDIUMzhuimengshaonian wisdom-education UploadController.java uploadFile unrestricted uploadEPSS 0.3%CVE-2025-50861MEDIUMThe Lotus Cars Android app (com.lotus.carsdomestic.intl) 1.2.8 contains an exported component, PushDeepLinkActivity, which is accessible witEPSS 0.3%CVE-2020-3253MEDIUMCisco Firepower Threat Defense Software Shell Access VulnerabilityEPSS 0.3%CVE-2025-10247MEDIUMJEPaaS Filter doFilterInternal access controlEPSS 0.3%CVE-2026-44874MEDIUMAuthenticated Arbitrary File Download via AOS-10 Web-Based Management InterfaceEPSS 0.3%CVE-2024-41905HIGHA vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V2.0). The affected application do not haEPSS 0.3%CVE-2025-48860HIGHA vulnerability in the web application of the ctrlX OS setup mechanism facilitated an authenticated (low privileged) attacker to gain remoteEPSS 0.3%CVE-2026-5413MEDIUMNewgen OmniDocs GetWebApiConfiguration information disclosureEPSS 0.3%CVE-2025-4316MEDIUMImproper access control in PAM feature in Devolutions Server allows a PAM user to self approve their PAM requests even if disallowed by the EPSS 0.3%CVE-2025-0745HIGHImproper Access Control vulnerability in EmbedAIEPSS 0.3%CVE-2026-0566MEDIUMcode-projects Content Management System edit_posts.php unrestricted uploadEPSS 0.3%CVE-2026-48616CRITICALRocket.Chat versions <8.5.1, 8.4.4, 8.3.6, 8.2.6, 8.1.6, 8.0.7, 7.13.9, 7.10.13 has an access control vulnerability in Livechat files. ProteEPSS 0.3%CVE-2025-7906MEDIUMyangzongzhuan RuoYi CommonController.java uploadFile unrestricted uploadEPSS 0.3%CVE-2024-42988MEDIUMLack of access control in ChallengeSolves (/api/v1/challenges/<challenge id>/solves) of CTFd v2.0.0 - v3.7.2 allows authenticated users to rEPSS 0.3%CVE-2026-13897HIGHInsufficient policy enforcement in Chromecast in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform privilege escalatEPSS 0.3%CVE-2024-20397MEDIUMCisco NX-OS Software Image Verification Bypass VulnerabilityEPSS 0.3%