Weaknesses of type CWE-284
4,451 resultsCVE-2026-2183MEDIUMGreat Developers Certificate Generation System csv.php unrestricted uploadEPSS 0.2%CVE-2025-51627MEDIUMIncorrect access control in CaricaVerbale in Agenzia Impresa Eccobook v2.81.1 allows authenticated attackers with low-level access to escalaEPSS 0.2%CVE-2024-40586MEDIUMAn Improper Access Control vulnerability [CWE-284] in FortiClient Windows version 7.4.0, version 7.2.6 and below, version 7.0.13 and below mEPSS 0.2%CVE-2026-40966MEDIUMVectorStoreChatMemoryAdvisor conversation scoping can lead to cross-tenant memory exfiltrationEPSS 0.2%CVE-2025-24885HIGHpwn.college has a XSS on dojo pagesEPSS 0.2%CVE-2023-51774HIGHThe json-jwt (aka JSON::JWT) gem 1.16.3 for Ruby sometimes allows bypass of identity checks via a sign/encryption confusion attack. For examEPSS 0.2%CVE-2025-13198MEDIUMDouPHP file.class.php unrestricted uploadEPSS 0.2%CVE-2026-39169HIGHSEMCMS 5.0 is vulnerable to unauthorized access in SEMCMS_copy.php.EPSS 0.2%CVE-2026-55114HIGHA malicious actor with access to the network and low privileges could exploit an Improper Access Control vulnerability found in UniFi NetworEPSS 0.2%CVE-2022-21813MEDIUMNVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel driver, where improper handling of insufficient permissions or prEPSS 0.2%CVE-2026-28415MEDIUMGradio has Open Redirect in OAuth FlowEPSS 0.2%CVE-2026-35570HIGHOpenClaude has Sandbox Bypass via Early-Exit Logic Flaw that Allows Path TraversalEPSS 0.2%CVE-2026-40888MEDIUMFrappe HR vulnerable to Improper Access ControlEPSS 0.2%CVE-2022-25824MEDIUMImproper access control vulnerability in BixbyTouch prior to version 2.2.00.6 in China models allows untrusted applications to load arbitrarEPSS 0.2%CVE-2019-3653MEDIUMESConfig Tool access not controlledEPSS 0.2%CVE-2025-25683MEDIUMAlekSIS-Core is vulnerable to Incorrect Access Control. Unauthenticated users can access all PDF files. This affects AlekSIS-Core 3.0, 3.1, EPSS 0.2%CVE-2024-42796MEDIUMAn Incorrect Access Control vulnerability was found in /music/ajax.php?action=delete_genre in Kashipara Music Management System v1.0. This vEPSS 0.2%CVE-2025-59810MEDIUMAn improper access control vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.2, FortiSOAR PaaS 7.5.0 through 7.5.1, FortiSOAR PaaS EPSS 0.2%CVE-2025-0741MEDIUMImproper Access Control vulnerability in EmbedAIEPSS 0.2%CVE-2026-49822HIGHFission: Cross-namespace event leakage via KubernetesWatchTrigger allows persistent tenant surveillanceEPSS 0.2%