Weaknesses of type CWE-284
4,450 resultsCVE-2025-15199MEDIUMcode-projects College Notes Uploading System userprofile.php unrestricted uploadEPSS 0.2%CVE-2025-27215HIGHAn Improper Access Control could allow a malicious actor authenticated in the API of certain UniFi Connect Display Cast devices to make unsuEPSS 0.2%CVE-2022-28777MEDIUMImproper access control vulnerability in Samsung Members prior to version 13.6.08.5 allows local attacker to execute call function without CEPSS 0.2%CVE-2022-32946MEDIUMThis issue was addressed with improved entitlements. This issue is fixed in iOS 16.1 and iPadOS 16. An app may be able to record audio usingEPSS 0.2%CVE-2025-66223HIGHOpenObserve's Invite Token Lifecycle MisconfigurationEPSS 0.2%CVE-2026-13949MEDIUMInsufficient policy enforcement in Payments in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to obtain potentialEPSS 0.2%CVE-2026-0798LOWGitea Release Email Notifications Leak Private Repository Release Details After Access RevocationEPSS 0.2%CVE-2020-7253MEDIUMImproper access control vulnerability in McAfee AgentEPSS 0.2%CVE-2025-58055MEDIUMDiscourse AI Suggestions Contain Insecure Direct Object ReferenceEPSS 0.2%CVE-2024-12307MEDIUMFunction-Level Access Control Vulnerability Allows Unauthorized Modification of Student Data in UnifiedtransformEPSS 0.2%CVE-2024-21805HIGHImproper access control vulnerability exists in the specific folder of SKYSEA Client View versions from Ver.16.100 prior to Ver.19.2. If thiEPSS 0.2%CVE-2022-27635HIGHImproper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow a privileged user to potentially enablEPSS 0.2%CVE-2026-45776MEDIUMOpen XDMoD has Broken Access Control via Client-Controlled Session VariableEPSS 0.2%CVE-2023-44283HIGH
In Dell SupportAssist for Home PCs (between v3.0 and v3.14.1) and SupportAssist for Business PCs (between v3.0 and v3.4.1), a security concEPSS 0.2%CVE-2025-43408LOWThis issue was addressed by restricting options offered on a locked device. This issue is fixed in macOS Sequoia 15.7.2, macOS Sonoma 14.8.2EPSS 0.2%CVE-2023-6259HIGHLocal Access to Sensitive Data in Brivo ACS100 and ACS300 EPSS 0.2%CVE-2026-45707HIGHn8n-MCP: Multi-tenant MCP requests fall back to process-level n8n credentials when tenant headers are absent or incompleteEPSS 0.2%CVE-2025-24218MEDIUMA privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.4. An app may beEPSS 0.2%CVE-2026-40904HIGHChartbrew: Incorrect Access Control in dataset and dataRequest routes via team-scoped permission checksEPSS 0.2%CVE-2026-34913MEDIUMA missing access control check when linking trackers to campaigns through the campaign-trackers.php script of Revive Adserver 6.0.6 and earlEPSS 0.2%