Weaknesses of type CWE-284

4,444 results
CVE-2026-45282MEDIUMNextcloud: Logged-in user bypasses share password and download restrictions on Text attachments via documentId leads to unauthorized file accessEPSS 0.3%CVE-2024-55019MEDIUMIncorrect access control in the component download_wb.cgi of Weintek cMT-3072XH2 easyweb Web Version v2.1.53, OS v20231011 allows unauthentiEPSS 0.3%CVE-2025-55366MEDIUMIncorrect access control in the component \controller\UserController.java of jshERP v3.5 allows attackers to arbitrarily reset user account EPSS 0.3%CVE-2025-20339MEDIUMCisco SD-WAN vEdge Software Access Control List Bypass VulnerabilityEPSS 0.3%CVE-2025-55371MEDIUMIncorrect access control in the component /controller/PersonController.java of jshERP v3.5 allows unauthorized attackers to obtain all the iEPSS 0.3%CVE-2025-20316MEDIUMA vulnerability in the access control list (ACL) programming of Cisco IOS XE Software for Cisco Catalyst 9500X and 9600X Series Switches couEPSS 0.3%CVE-2026-5001MEDIUMPromtEngineer localGPT server.py do_POST unrestricted uploadEPSS 0.3%CVE-2024-1439MEDIUMInadequate access control vulnerability in MoodleEPSS 0.3%CVE-2025-2671MEDIUMYue Lao Blind Box 月老盲盒 Upload.php base64image unrestricted uploadEPSS 0.3%CVE-2026-28823MEDIUMA path handling issue was addressed with improved validation. This issue is fixed in macOS Tahoe 26.4. An app with root privileges may be abEPSS 0.3%CVE-2025-20159MEDIUMCisco IOS XR Software Management Interface ACL Bypass VulnerabilityEPSS 0.3%CVE-2026-9421MEDIUMKLiK SocialMediaWebsite File upload.inc.php uniqid unrestricted uploadEPSS 0.3%CVE-2025-4006MEDIUMyouyiio BeyongCms Document Management Page Upload.html unrestricted uploadEPSS 0.3%CVE-2025-15009MEDIUMliweiyi ChestnutCMS Filename upload FilenameUtils.getExtension unrestricted uploadEPSS 0.3%CVE-2025-4310MEDIUMitsourcecode Content Management System add_topic.php unrestricted uploadEPSS 0.3%CVE-2026-2977MEDIUMFastApiAdmin Scheduled Task API controller.py upload_controller unrestricted uploadEPSS 0.3%CVE-2025-29556HIGHExaGrid EX10 6.3 - 7.0.1.P08 is vulnerable to Incorrect Access Control. Since version 6.3, ExaGrid enforces restrictions preventing users wiEPSS 0.3%CVE-2025-65238MEDIUMIncorrect access control in the getSubUsersByProvider function of OpenCode Systems USSD Gateway OC Release: 5 Version 6.13.11 allows attackeEPSS 0.3%CVE-2025-56219HIGHIncorrect access control in SigningHub v8.6.8 allows attackers to arbitrarily add user accounts without any rate limiting. This can lead to EPSS 0.3%CVE-2026-5122MEDIUMosrg GoBGP BGP OPEN Message bgp.go DecodeFromBytes access controlEPSS 0.3%