Weaknesses of type CWE-284
4,454 resultsCVE-2025-53060MEDIUMVulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are EPSS 0.2%CVE-2025-53041MEDIUMVulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Shopping Cart). Supported versions that are affected are EPSS 0.2%CVE-2026-11277MEDIUMInsufficient policy enforcement in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to bypass discretEPSS 0.2%CVE-2021-26360HIGHAn attacker with local access to the system can make unauthorized modifications of the security configuration of the SOC registers. This couEPSS 0.2%CVE-2025-3768MEDIUMImproper access control in Tor network blocking feature in Devolutions Server 2025.1.10.0 and earlier allows an authenticated user to bypassEPSS 0.2%CVE-2026-30859MEDIUMWeKnora: Broken Access Control - Cross-Tenant Data ExposureEPSS 0.2%CVE-2023-33872MEDIUMImproper access control in the Intel Support android application all verions may allow an authenticated user to potentially enable informatiEPSS 0.2%CVE-2025-67259MEDIUMA Broken Access Control vulnerability exists in ClassroomIO v0.1.13 where an authenticated low-privileged "student" user can access unauthorEPSS 0.2%CVE-2023-42853MEDIUMA logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. An EPSS 0.2%CVE-2022-32918MEDIUMThis issue was addressed with improved data protection. This issue is fixed in iOS 16, macOS Ventura 13. An app may be able to bypass PrivacEPSS 0.2%CVE-2025-63739MEDIUMAn issue was discovered in function phpinisaveAction in file webmain/system/cogini/coginiAction.php in Xinhu Rainrock RockOA 2.7.0 allowing EPSS 0.2%CVE-2026-40420HIGHMicrosoft Office Click-To-Run Elevation of Privilege VulnerabilityEPSS 0.2%CVE-2021-25749HIGHrunAsNonRoot logic bypass for Windows containersEPSS 0.2%CVE-2023-43748HIGHImproper access control in some Intel(R) GPA Framework software installers before version 2023.3 may allow an authenticated user to potentiaEPSS 0.2%CVE-2024-32044MEDIUMImproper access control for some Intel(R) Arc(TM) Pro Graphics for Windows drivers before version 31.0.101.5319 may allow an authenticated uEPSS 0.2%CVE-2025-30760MEDIUMVulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are EPSS 0.2%CVE-2021-1419HIGHCisco Access Points SSH Management Privilege Escalation VulnerabilityEPSS 0.2%CVE-2023-21518MEDIUMImproper access control vulnerability in SearchWidget prior to version 3.3 in China models allows untrusted applications to start arbitrary EPSS 0.2%CVE-2026-35162MEDIUMDell PowerFlex Manager, version(s) prior to 5.1.0.1, contain(s) an Improper Access Control vulnerability. A low privileged attacker with remEPSS 0.2%CVE-2026-31815MEDIUMdjango-unicorn affected by component state manipulation via unvalidated attribute accessEPSS 0.2%