Weaknesses of type CWE-284

4,444 results
CVE-2026-2592HIGHZarinpal Gateway for WooCommerce <= 5.0.16 - Improper Access Control to Payment Status UpdateEPSS 0.3%CVE-2024-42766MEDIUMKashipara Bus Ticket Reservation System v1.0 0 is vulnerable to Incorrect Access Control via /deleteTicket.php.EPSS 0.3%CVE-2025-28233CRITICALIncorrect access control in BW Broadcast TX600 (14980), TX300 (32990) (31448), TX150, TX1000, TX30, and TX50 Hardware Version: 2, Software VEPSS 0.3%CVE-2024-20992MEDIUMVulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Content integration). The supported version tEPSS 0.3%CVE-2025-10072MEDIUMPortabilis i-Educar enturmar access controlEPSS 0.3%CVE-2025-70982CRITICALIncorrect access control in the importUser function of SpringBlade v4.5.0 allows attackers with low-level privileges to arbitrarily import sEPSS 0.3%CVE-2024-36492HIGHExisting local user overwritten by malicious remoteEPSS 0.3%CVE-2025-4051MEDIUMInsufficient data validation in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker who convinced a user to engage inEPSS 0.3%CVE-2025-7100MEDIUMBoyunCMS Index.php unrestricted uploadEPSS 0.3%CVE-2025-50405MEDIUMIntelbras RX1500 Router v2.2.17 and before is vulnerable to Incorrect Access Control in the FirmwareUpload function and GetFirmwareValidatioEPSS 0.3%CVE-2026-45658HIGHWindows BitLocker Security Feature Bypass VulnerabilityEPSS 0.3%CVE-2026-42205HIGHAvo: Broken Access Control: Unauthorized Execution of Arbitrary Action Classes Across ResourcesEPSS 0.3%CVE-2025-20316MEDIUMA vulnerability in the access control list (ACL) programming of Cisco IOS XE Software for Cisco Catalyst 9500X and 9600X Series Switches couEPSS 0.3%CVE-2025-2671MEDIUMYue Lao Blind Box 月老盲盒 Upload.php base64image unrestricted uploadEPSS 0.3%CVE-2024-1439MEDIUMInadequate access control vulnerability in MoodleEPSS 0.3%CVE-2025-1835MEDIUMosuuu LightPicture Api.php upload unrestricted uploadEPSS 0.3%CVE-2025-55367MEDIUMIncorrect access control in the component \controller\SupplierController.java of jshERP v3.5 allows unauthorized attackers to arbitrarily moEPSS 0.3%CVE-2026-5001MEDIUMPromtEngineer localGPT server.py do_POST unrestricted uploadEPSS 0.3%CVE-2026-7733MEDIUMfunadmin Frontend Chunked Upload Endpoint UploadService.php chunkUpload unrestricted uploadEPSS 0.3%CVE-2026-2979MEDIUMFastApiAdmin Scheduled Task API controller.py user_avatar_upload_controller unrestricted uploadEPSS 0.3%