Weaknesses of type CWE-284
4,448 resultsCVE-2026-33393MEDIUMDiscourse fixes loose hostname matching in spam host allowlistEPSS 0.3%CVE-2025-57212HIGHIncorrect access control in the component ApiOrderService.java of platform v1.0.0 allows attackers to access sensitive information via a craEPSS 0.3%CVE-2026-3429MEDIUMOrg.keycloak.services.resources.account: improper access control leading to mfa deletion and account takeover in keycloak account rest apiEPSS 0.3%CVE-2025-57210HIGHIncorrect access control in the component ApiPayController.java of platform v1.0.0 allows attackers to access sensitive information via unspEPSS 0.3%CVE-2022-28775MEDIUMImproper access control vulnerability in Samsung Flow prior to version 4.8.06.5 allows attacker to write the file without Samsung Flow permiEPSS 0.3%CVE-2025-54397MEDIUMNetwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 inserts Sensitive Information Into Sent Data to authenticEPSS 0.3%CVE-2025-30450MEDIUMThis issue was addressed with improved validation of symlinks. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS VenturaEPSS 0.3%CVE-2025-50071MEDIUMVulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Web Utilities). Supported versions that aEPSS 0.3%CVE-2024-4225HIGHNGDIN_ST v2.0D.0062 - Multiple VulnerabilitiesEPSS 0.3%CVE-2025-57213HIGHIncorrect access control in the component orderService.queryObject of platform v1.0.0 allows attackers to access sensitive information via aEPSS 0.3%CVE-2021-35528HIGHAuthentication Bypass Vulnerability Vulnerability in Retail Operations Product and Counterparty Settlement and Billing (CSB)EPSS 0.3%CVE-2025-65239MEDIUMIncorrect access control in the /aux1/ocussd/trace endpoint of OpenCode Systems USSD Gateway OC Release:5, version 6.13.11 allows attackers EPSS 0.3%CVE-2025-50897MEDIUMA vulnerability exists in riscv-boom SonicBOOM 1.2 (BOOMv1.2) processor implementation, where valid virtual-to-physical address translationsEPSS 0.3%CVE-2024-57378HIGHWazuh SIEM version 4.8.2 is affected by a broken access control vulnerability. This issue allows the unauthorized creation of internal usersEPSS 0.3%CVE-2022-3263HIGHMeasuresoft ScadaPro Server Improper Access ControlEPSS 0.3%CVE-2025-4431MEDIUMFeatured Image Plus <= 1.6.4 - Missing Authorization to Authenticated (Subscriber+) Featured Image UpdateEPSS 0.3%CVE-2025-20323MEDIUMMissing Access Control of Saved Searches in the Splunk Archiver appEPSS 0.3%CVE-2026-48947MEDIUMJoomla! Core - [20260701] - Incorrect Access Control in com_media webservice endpointsEPSS 0.3%CVE-2024-20319MEDIUMA vulnerability in the UDP forwarding code of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to bypass configured mEPSS 0.3%CVE-2026-48956MEDIUMJoomla! Core - [20260710] - Incorrect Access Control in com_modulesEPSS 0.3%