Weaknesses of type CWE-284

4,449 results
CVE-2026-40300MEDIUMZulip: Message edit history visible in "moves only" policy through /api/v1/messages/{id}/historyEPSS 0.2%CVE-2026-3110HIGHMultiple vulnerabilities on the Educativa CampusEPSS 0.2%CVE-2026-46971HIGHVulnerability in the Oracle HR Intelligence product of Oracle E-Business Suite (component: Internal Operations). Supported versions that arEPSS 0.2%CVE-2026-46959HIGHVulnerability in the Oracle Subledger Accounting product of Oracle E-Business Suite (component: Internal Operations). Supported versions thEPSS 0.2%CVE-2024-45326LOWAn Improper Access Control vulnerability [CWE-284] vulnerability in Fortinet FortiDeceptor 6.0.0, FortiDeceptor 5.3 all versions, FortiDecepEPSS 0.2%CVE-2024-57360MEDIUMhttps://www.gnu.org/software/binutils/ nm >=2.43 is affected by: Incorrect Access Control. The type of exploitation is: local. The componentEPSS 0.2%CVE-2026-20007MEDIUMCisco Secure Firewall Threat Defense Software Snort Deep Inspection Bypass VulnerabilityEPSS 0.2%CVE-2026-46958HIGHVulnerability in the Oracle Subledger Accounting product of Oracle E-Business Suite (component: Internal Operations). Supported versions thEPSS 0.2%CVE-2020-16241MEDIUMPhilips SureSigns VS4 Improper Access ControlEPSS 0.2%CVE-2026-24039MEDIUMHorilla's Improper Access Control Allows Employees to Auto-Approve DocumentsEPSS 0.2%CVE-2025-61763HIGHVulnerability in Oracle Essbase (component: Essbase Web Platform). The supported version that is affected is 21.7.3.0.0. Easily exploitablEPSS 0.2%CVE-2025-6531MEDIUMSIFUSM/MZZYG BD S1 RTSP Live Video Stream Endpoint access controlEPSS 0.2%CVE-2026-46812MEDIUMVulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Authentication Engine). Supported versions that EPSS 0.2%CVE-2026-5228HIGHImproper Access Control in Kurt Software Studio's WriteUp Mobile AppEPSS 0.2%CVE-2025-15084LOWyoulaitech youlai-mall Order Payment OrderController.java orderService.payOrder access controlEPSS 0.2%CVE-2025-67796HIGHIKUS Rdiffweb before 2.10.5 has an improper authorization flaw that allows an attacker with any valid or stolen access token to act as otherEPSS 0.2%CVE-2026-43652HIGHA permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.5. An app may be able to access protecEPSS 0.2%CVE-2026-33381MEDIUMUsers can generate Service Account tokens after permissions removalEPSS 0.2%CVE-2026-46770MEDIUMVulnerability in the Oracle Application Development Framework (ADF) product of Oracle Fusion Middleware (component: Security Framework). SuEPSS 0.2%CVE-2023-40528MEDIUMThis issue was addressed by removing the vulnerable code. This issue is fixed in tvOS 17, watchOS 10, macOS Sonoma 14, iOS 17 and iPadOS 17,EPSS 0.2%