Weaknesses of type CWE-284
4,445 resultsCVE-2026-13954MEDIUMInsufficient policy enforcement in XML in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to obtain potentially seEPSS 0.3%CVE-2019-15967MEDIUMCisco TelePresence Collaboration Endpoint and RoomOS Audio Eavesdropping VulnerabilityEPSS 0.3%CVE-2025-30726MEDIUMVulnerability in the Oracle Application Object Library product of Oracle E-Business Suite (component: Core). Supported versions that are afEPSS 0.3%CVE-2026-9562MEDIUMsambitraj STUDENT-MANAGEMENT-SYSTEM Dashboard access controlEPSS 0.3%CVE-2026-11474MEDIUMKushan2k student-management-system Registration Endpoint RegisterService.php unrestricted uploadEPSS 0.3%CVE-2026-13936MEDIUMInappropriate implementation in Passwords in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to obtain potentiallyEPSS 0.3%CVE-2025-5389MEDIUMJeeWMS File generateController.do dogenerateOne2Many access controlEPSS 0.3%CVE-2026-5124MEDIUMosrg GoBGP BGP Header bgp.go BGPHeader.DecodeFromBytes access controlEPSS 0.3%CVE-2025-5387MEDIUMJeeWMS File generateController.do dogenerate access controlEPSS 0.3%CVE-2026-50885HIGHIncorrect access control in the share-based read endpoints of Sismics Docs (Teedy) v1.11 allow unauthorized attackers to access sensitive enEPSS 0.3%CVE-2025-30288HIGHColdFusion | Improper Access Control (CWE-284)EPSS 0.3%CVE-2026-50739MEDIUMA bypass for CVE‑2026‑34913 exists with proper ownership validation that had not been applied to the reverse operation of linking campaigns EPSS 0.3%CVE-2021-34402MEDIUMNVIDIA Tegra kernel driver contains a vulnerability in NVIDIA NVDEC, where a user with high privileges might be able to read from or write tEPSS 0.3%CVE-2026-40304MEDIUMzrok's broken ownership check in DELETE /api/v2/unaccess allows non-admin to delete global frontend recordsEPSS 0.3%CVE-2026-25877MEDIUMChartbrew: Insecure Direct Object Reference (IDOR) in Chart OperationsEPSS 0.3%CVE-2025-61118HIGHmCarFix Motorists App version 2.3 (package name com.skytop.mcarfix), developed by Paniel Mwaura, contains improper access control vulnerabilEPSS 0.3%CVE-2026-50884HIGHIncorrect access control in statping-ng v0.93.0 allows attackers to escalate privileges to Administrator and access sensitive components.EPSS 0.3%CVE-2025-61543HIGHA Host Header Injection vulnerability exists in the password reset functionality of CraftMyCMS 4.0.2.2. The system uses `$_SERVER['HTTP_HOSTEPSS 0.3%CVE-2026-9352MEDIUMNousResearch hermes-agent Messaging Gateway local.py _make_run_env information disclosureEPSS 0.3%CVE-2023-50159HIGHIn ScaleFusion (Windows Desktop App) agent 10.5.2, Kiosk mode application restrictions can be bypassed allowing arbitrary code to be executeEPSS 0.3%