Weaknesses of type CWE-284

4,449 results
CVE-2026-48948MEDIUMJoomla! Core - [20260702] - Incorrect Access Control in com_contact vcf downloadEPSS 0.3%CVE-2026-48955MEDIUMJoomla! Core - [20260709] - Incorrect Access Control in com_workflowEPSS 0.3%CVE-2026-48956MEDIUMJoomla! Core - [20260710] - Incorrect Access Control in com_modulesEPSS 0.3%CVE-2025-4431MEDIUMFeatured Image Plus <= 1.6.4 - Missing Authorization to Authenticated (Subscriber+) Featured Image UpdateEPSS 0.3%CVE-2025-24202MEDIUMA logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. An app may EPSS 0.2%CVE-2026-21629MEDIUMJoomla! Core - [20260301] - ACL hardening in com_ajaxEPSS 0.2%CVE-2025-32795MEDIUMDify Allows Insecure User Role Access Control for APP EditingEPSS 0.2%CVE-2026-41100MEDIUMMicrosoft 365 Copilot for Android Spoofing VulnerabilityEPSS 0.2%CVE-2026-56253HIGHCapgo - Unauthenticated Organization Member Email Disclosure via get_org_members RPCEPSS 0.2%CVE-2025-24215MEDIUMThe issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 1EPSS 0.2%CVE-2026-45080MEDIUMKlaw: Improper Access Control Allows Disclosure of Password HashEPSS 0.2%CVE-2025-58714HIGHWindows Ancillary Function Driver for WinSock Elevation of Privilege VulnerabilityEPSS 0.2%CVE-2026-50881HIGHIncorrect access control in the impworks Bonsai v6.0 allows authenticated attackers with Editor privileges to escalate privileges to AdminisEPSS 0.2%CVE-2025-55630HIGHA discrepancy in the error message returned by the login function of Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime - firmware v3EPSS 0.2%CVE-2026-34754MEDIUMMantisBT allows unauthorized users to upload attachments to restricted issues via REST APIEPSS 0.2%CVE-2025-61749LOWVulnerability in the Unified Audit component of Oracle Database Server. Supported versions that are affected are 23.4-23.9. Easily exploitaEPSS 0.2%CVE-2026-39250HIGHAn authorization vulnerability exists in Innoshop 0.6.0. After logging into the frontend, an attacker can directly access backend applicatioEPSS 0.2%CVE-2026-36720HIGHInsecure permissions in bookcars v8.3 allows authenticated attackers to escalate privileges from user to admin via modifying their user typeEPSS 0.2%CVE-2026-40300MEDIUMZulip: Message edit history visible in "moves only" policy through /api/v1/messages/{id}/historyEPSS 0.2%CVE-2024-45326LOWAn Improper Access Control vulnerability [CWE-284] vulnerability in Fortinet FortiDeceptor 6.0.0, FortiDeceptor 5.3 all versions, FortiDecepEPSS 0.2%