Weaknesses of type CWE-284

4,453 results
CVE-2024-43031MEDIUMautMan v2.9.6 was discovered to contain an access control issue.EPSS 0.2%CVE-2026-3796MEDIUMQi-ANXIN QAX Virus Removal Mini Filter Driver QKSecureIO_Imp.sys ZwTerminateProcess access controlEPSS 0.2%CVE-2026-56217MEDIUMCapgo - Encrypted Bundle Policy Bypass via Direct PostgREST UpdateEPSS 0.2%CVE-2026-7862HIGHEupago Gateway For Woocommerce < 4.7.2 - Unauthenticated Arbitrary Refund InitiationEPSS 0.2%CVE-2025-5962HIGHRhel-lightspeed: improper access control in lightspeed history management allows local privilege manipulationEPSS 0.2%CVE-2025-54871MEDIUMElectron Capture is Vulnerable to TCC Bypass via Misconfigured Node Fuses (macOS)EPSS 0.2%CVE-2026-11326MEDIUMOpenAI Atlas before 1.2025.288.15 exposed privileged browser APIs to web content on *.openai.com origins. A cross-site scripting vulnerabiliEPSS 0.2%CVE-2025-13249MEDIUMJiusi OA OfficeServer unrestricted uploadEPSS 0.2%CVE-2026-14776MEDIUMSourceCodester Onlne Examination & Learning Management System Filename Extension upload_files.php pathinfo unrestricted uploadEPSS 0.2%CVE-2026-11333MEDIUMtittuvarghese CollegeManagementSystem Student Data Upload Endpoint upload_student_data.php unrestricted uploadEPSS 0.2%CVE-2026-13544MEDIUMFeehi CMS API users access controlEPSS 0.2%CVE-2026-14777MEDIUMSourceCodester Onlne Examination & Learning Management System announcements.php unrestricted uploadEPSS 0.2%CVE-2025-29557MEDIUMExaGrid EX10 6.3 - 7.0.1.P08 is vulnerable to Incorrect Access Control in the MailConfiguration API endpoint, where users with operator-leveEPSS 0.2%CVE-2025-11716MEDIUMSandboxed iframes allowed links to open in external apps (Android only)EPSS 0.2%CVE-2025-61881MEDIUMVulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.28, 21.3-21.19 and 23.4EPSS 0.2%CVE-2026-1009CRITICALStored Cross-Site Scripting in Altium Live Forum Leading to Cross-Customer Data ExposureEPSS 0.2%CVE-2026-14775MEDIUMSourceCodester Onlne Examination & Learning Management System process_lesson.php unrestricted uploadEPSS 0.2%CVE-2021-26360HIGHAn attacker with local access to the system can make unauthorized modifications of the security configuration of the SOC registers. This couEPSS 0.2%CVE-2026-30859MEDIUMWeKnora: Broken Access Control - Cross-Tenant Data ExposureEPSS 0.2%CVE-2026-11277MEDIUMInsufficient policy enforcement in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to bypass discretEPSS 0.2%