Weaknesses of type CWE-284
4,449 resultsCVE-2024-31859MEDIUMMember promoted to channel admin via playbooks run linking to channelEPSS 0.2%CVE-2026-56082HIGHCapgo - Unauthenticated Cross-Tenant Billing Log Tampering via public.record_build_time RPCEPSS 0.2%CVE-2026-35240MEDIUMVulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.EPSS 0.2%CVE-2025-7487MEDIUMJoeyBling SpringBoot_MyBatisPlus upload SysFileController unrestricted uploadEPSS 0.2%CVE-2025-66557MEDIUMNextcloud Deck app allowed user with "Can share" permission to modify permissions of other non-ownersEPSS 0.2%CVE-2026-35239MEDIUMVulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.0-8.0.45, EPSS 0.2%CVE-2023-39963HIGHMissing password confirmation when creating app passwordsEPSS 0.2%CVE-2022-42853MEDIUMAn access issue was addressed with improved access restrictions. This issue is fixed in macOS Ventura 13.1. An app may be able to modify proEPSS 0.2%CVE-2026-35238MEDIUMVulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0EPSS 0.2%CVE-2022-20728MEDIUMCisco Access Points VLAN Bypass from Native VLAN VulnerabilityEPSS 0.2%CVE-2026-35236MEDIUMVulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0EPSS 0.2%CVE-2025-27153MEDIUMEscalade GLPI Plugin Vulnerable to Improper Access ControlEPSS 0.2%CVE-2021-3626HIGHWindows version of Multipass unauthenticated localhost tcp control socket can perform mountsEPSS 0.2%CVE-2025-11406MEDIUMkaifangqian kaifangqian-base SysUserController.java getAllUsers information disclosureEPSS 0.2%CVE-2025-63663HIGHIncorrect access control in the /api/v1/conversations/*/files API of GT Edge AI Platform before v2.0.10 allows unauthorized attackers to accEPSS 0.2%CVE-2026-34302MEDIUMVulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Workflow Loader). Supported versions that are affected EPSS 0.2%CVE-2026-54010HIGHOpen WebUI: Forged chat-file link allows cross-user file read and deletionEPSS 0.2%CVE-2025-54338HIGHAn Incorrect Access Control vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which aEPSS 0.2%CVE-2025-63664HIGHIncorrect access control in the /api/v1/conversations/*/messages API of GT Edge AI Platform before v2.0.10-dev allows unauthorized attackersEPSS 0.2%CVE-2026-40603MEDIUMChartbrew: Incorrect Access Control in /api/project/dashboard/:brewName via same-team overrideEPSS 0.2%