Weaknesses of type CWE-284
4,444 resultsCVE-2025-11352MEDIUMcode-projects Online Hotel Reservation System addexec.php unrestricted uploadEPSS 0.3%CVE-2026-1152MEDIUMtechnical-laohu mpay QR Code Image unrestricted uploadEPSS 0.3%CVE-2025-54563HIGHAn Incorrect Access Control vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which aEPSS 0.3%CVE-2025-11353MEDIUMcode-projects Online Hotel Reservation System addgalleryexec.php unrestricted uploadEPSS 0.3%CVE-2026-3800MEDIUMSourceCodester/janobe Resort Reservation System controller.php doInsert unrestricted uploadEPSS 0.3%CVE-2025-11351MEDIUMcode-projects Online Hotel Reservation System editpicexec.php unrestricted uploadEPSS 0.3%CVE-2025-28041HIGHIncorrect access control in the doFilter function of itranswarp up to 2.19 allows attackers to access sensitive components without authenticEPSS 0.3%CVE-2025-11417MEDIUMCampcodes Advanced Online Voting Management System voters_add.php unrestricted uploadEPSS 0.3%CVE-2023-24490MEDIUMUsers with only access to launch VDA applications can launch an unauthorized desktopEPSS 0.3%CVE-2026-23595HIGHUnauthenticated Authentication Bypass in application API allows unauthorized administrative account creationEPSS 0.3%CVE-2025-9841MEDIUMcode-projects Mobile Shop Management System AddNewProduct.php unrestricted uploadEPSS 0.3%CVE-2026-20632MEDIUMA parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Tahoe 26.4. An EPSS 0.3%CVE-2026-29597MEDIUMDDSN Interactive cm3 Acora CMS version 10.7.1 contains an improper access control vulnerability. An editor-privileged user can access sensitEPSS 0.3%CVE-2026-35234MEDIUMVulnerability in the MySQL Server product of Oracle MySQL (component: Server: Partition). Supported versions that are affected are 9.0.0-9.EPSS 0.3%CVE-2025-14885MEDIUMSourceCodester Client Database Management System Leads Generation user_leads.php unrestricted uploadEPSS 0.3%CVE-2025-8859MEDIUMcode-projects eBlog Site File Upload save-slider.php unrestricted uploadEPSS 0.3%CVE-2026-36738MEDIUMU-SPEED AC1200 Gigabit Wi-Fi Router (Model: T18-21K) V1.0 is vulnerable to Incorrect Access Control. The device exposes a UART interface thaEPSS 0.3%CVE-2023-42945CRITICALA permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.1. An app may gain unauthorized accesEPSS 0.3%CVE-2026-2146MEDIUMguchengwuyue yshopmall co.yixiang.utils.FileUtil updateAvatar unrestricted uploadEPSS 0.3%CVE-2025-55471HIGHIncorrect access control in the getUserFormData function of youlai-boot v2.21.1 allows attackers to access sensitive information for other uEPSS 0.3%