Weaknesses of type CWE-284
4,445 resultsCVE-2025-29705MEDIUMcode-gen <=2.0.6 is vulnerable to Incorrect Access Control. The project does not have permission control allowing anyone to access such projEPSS 0.3%CVE-2024-44913MEDIUMAn issue in the component EXR!ReadEXR+0x40ef1 of Irfanview v4.67.1.0 allows attackers to cause an access violation via a crafted EXR file. TEPSS 0.3%CVE-2022-42814MEDIUMA logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13. An app may be able to access user-sensitive data.EPSS 0.3%CVE-2026-6596MEDIUMlangflow-ai langflow API Endpoint endpoints.py create_upload_file unrestricted uploadEPSS 0.3%CVE-2026-4221MEDIUMTiandy Easy7 Integrated Management Platform Endpoint uploadLedImage unrestricted uploadEPSS 0.3%CVE-2025-12884MEDIUMAdvanced Ads – Ad Manager & AdSense <= 2.0.14 - Missing Authorization to Authenticated (Subscriber+) Ad Placements UpdateEPSS 0.3%CVE-2026-4536MEDIUMAcrel Environmental Monitoring Cloud Platform unrestricted uploadEPSS 0.3%CVE-2025-15109MEDIUMjackq XCMS upload.php unrestricted uploadEPSS 0.3%CVE-2025-13238MEDIUMBdtask Flight Booking Software Edit Profile edit unrestricted uploadEPSS 0.3%CVE-2026-46822CRITICALVulnerability in the Oracle iAssets product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affectEPSS 0.3%CVE-2025-24532MEDIUMA vulnerability has been identified in SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0) (All versions < V3.0.0), SCALANCE WAM763-1 (6GK5763-1AL00-7DA0EPSS 0.3%CVE-2026-32995HIGHThe Rocket.Chat DDP method autoTranslate.translateMessage in versions <8.5.0, <8.4.2, <8.3.4, <8.2.4, <8.1.5, <8.0.5, <7.13.8, and <7.10.12 EPSS 0.3%CVE-2026-2213MEDIUMcode-projects Online Music Site AdminAddAlbum.php unrestricted uploadEPSS 0.3%CVE-2025-56396HIGHAn issue was discovered in Ruoyi 4.8.1 allowing attackers to gain escalated privileges due to the owning department having higher rights thaEPSS 0.3%CVE-2024-42022HIGHAn incorrect permission assignment vulnerability allows an attacker to modify product configuration files.EPSS 0.3%CVE-2025-50107MEDIUMVulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite (component: Request handling). Supported versions that EPSS 0.3%CVE-2026-32752NONEFreeScout: Broken Access Control in ThreadPolicy — Any User Can Read/Edit All Customer MessagesEPSS 0.3%CVE-2024-39837LOWMalicious remote can create arbitrary channelsEPSS 0.3%CVE-2026-26328MEDIUMOpenClaw iMessage group allowlist authorization inherited DM pairing-store identitiesEPSS 0.3%CVE-2023-6491MEDIUMStrong Testimonials <= 3.1.12 - Authenticated(Contributor+) Improper Authorization to Views ModificationEPSS 0.3%