Weaknesses of type CWE-284

4,445 results
CVE-2025-61119HIGHKanova Android App version 1.0.27 (package name com.karelane), developed by Karely L.L.C., contains improper access control vulnerabilities.EPSS 0.3%CVE-2023-29121CRITICALExposed TCF agent service in Enel X JuiceboxEPSS 0.3%CVE-2026-13864HIGHInsufficient policy enforcement in WebHID in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a maliEPSS 0.3%CVE-2024-21132MEDIUMVulnerability in the Oracle Purchasing product of Oracle E-Business Suite (component: Approvals). Supported versions that are affected are EPSS 0.3%CVE-2025-5873MEDIUMeCharge Hardy Barth Salia PLCC Web UI firmware.php unrestricted uploadEPSS 0.3%CVE-2025-0691MEDIUMImproper access control in permissions component in Devolutions Server 2025.1.10.0 and earlier allows an authenticated user to bypass the "EEPSS 0.3%CVE-2025-63363HIGHA lack of Management Frame Protection in Waveshare RS232/485 TO WIFI ETH (B) Serial to Ethernet/Wi-Fi Gateway Firmware V3.1.1.0: HW 4.3.2.1:EPSS 0.3%CVE-2026-32299HIGHConnect CMS: Information Disclosure Due to Improper Authorization through the Page Content Retrieval FeatureEPSS 0.3%CVE-2026-48898HIGHJoomla! Core - [20260513] - Privilege escalation through com_users batch taskEPSS 0.3%CVE-2026-42863HIGHFlowise: Mass Assignment in Chatflow Update Endpoint Allows Cross-Workspace AgentFlow ReassignmentEPSS 0.3%CVE-2026-48578HIGHSecure Boot Security Feature Bypass VulnerabilityEPSS 0.3%CVE-2026-7393MEDIUMSourceCodester Pizzafy Ecommerce System File Extension admin_class_novo.php save_menu unrestricted uploadEPSS 0.3%CVE-2026-1407LOWBeetel 777VR1 UART information disclosureEPSS 0.3%CVE-2025-66736HIGHyoulai-boot V2.21.1 is vulnerable to Incorrect Access Control. The importUsers function in SysUserController.java does not perform a permissEPSS 0.3%CVE-2023-37749MEDIUMIncorrect access control in the REST API endpoint of HubSpot v1.29441 allows unauthenticated attackers to view users' data without proper auEPSS 0.3%CVE-2026-48906CRITICALExtension - tassos.gr - Arbitrary File Deletion in Novarain/Tassos Framework < 6.1.0 for JoomlaEPSS 0.3%CVE-2026-35277HIGHVulnerability in Oracle REST Data Services (component: Core). Supported versions that are affected are 24.2.0-26.1.0. Easily exploitable vuEPSS 0.3%CVE-2025-5390MEDIUMJeeWMS File filedeal.do filedeal access controlEPSS 0.3%CVE-2026-13828MEDIUMInappropriate implementation in Enterprise in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitiveEPSS 0.3%CVE-2025-45081HIGHMisconfigured settings in IITB SSO v1.1.0 allow attackers to access sensitive application data.EPSS 0.3%