Weaknesses of type CWE-284

4,445 results
CVE-2025-60800HIGHIncorrect access control in the /jshERP-boot/user/info interface of jshERP up to commit 90c411a allows attackers to access sensitive informaEPSS 0.3%CVE-2023-24544HIGHImproper access control vulnerability in Buffalo network devices allows a network-adjacent attacker to obtain specific files of the product.EPSS 0.3%CVE-2024-50353MEDIUMICG.AspNetCore.Utilities.CloudStorage's Secure Token Durations Different Than ExpectedEPSS 0.3%CVE-2017-14031An Improper Access Control issue was discovered in Trihedral VTScada 11.3.03 and prior. A local, non-administrator user has privileges to reEPSS 0.3%CVE-2024-40812HIGHA logic issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS MonteEPSS 0.3%CVE-2025-1115MEDIUMRT-Thread lwp_syscall.c sys_timer_settime information disclosureEPSS 0.3%CVE-2025-26138MEDIUMSystemic Risk Value <=2.8.0 is vulnerable to improper access control in /RiskValue/GroupingEntities/Controls/GetFile.aspx?ID=. Uploaded fileEPSS 0.3%CVE-2026-46695CRITICALBoxLite: Permission Bypass in boxlite Allows Modification of Read-Only FilesEPSS 0.3%CVE-2025-15050MEDIUMcode-projects Student File Management System save_file.php unrestricted uploadEPSS 0.3%CVE-2026-3543HIGHInappropriate implementation in V8 in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to potentially perform out of bounds mEPSS 0.3%CVE-2026-24035MEDIUMHorilla has Improper Access Control Issue that Allows Unauthorized Document Upload on Behalf of Another EmployeeEPSS 0.3%CVE-2026-26977MEDIUMFrappe Learning Management System exposes details of unpublished courses to unauthorized usersEPSS 0.3%CVE-2025-65780HIGHAn issue was discovered in Wekan The Open Source kanban board system up to version 18.15, fixed in 18.16. Authenticated users can update theEPSS 0.3%CVE-2026-11474MEDIUMKushan2k student-management-system Registration Endpoint RegisterService.php unrestricted uploadEPSS 0.3%CVE-2025-54786MEDIUMSuiteCRM: Legacy iCal service allows unauthenticated access to meeting dataEPSS 0.3%CVE-2025-30726MEDIUMVulnerability in the Oracle Application Object Library product of Oracle E-Business Suite (component: Core). Supported versions that are afEPSS 0.3%CVE-2026-13932MEDIUMInappropriate implementation in Sharing in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker who had compromised theEPSS 0.3%CVE-2026-13936MEDIUMInappropriate implementation in Passwords in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to obtain potentiallyEPSS 0.3%CVE-2026-32220MEDIUMUEFI Secure Boot Security Feature Bypass VulnerabilityEPSS 0.3%CVE-2024-10241MEDIUMPrivate channel names leaked with Ctrl+K when ElasticSearch is enabledEPSS 0.3%