Weaknesses of type CWE-284
4,457 resultsCVE-2025-43263HIGHThe issue was addressed with improved checks. This issue is fixed in Xcode 26. An app may be able to read and write files outside of its sanEPSS 0.2%CVE-2021-25431—Improper access control vulnerability in Cameralyzer prior to versions 3.2.1041 in 3.2.x, 3.3.1040 in 3.3.x, and 3.4.4210 in 3.4.x allows unEPSS 0.2%CVE-2023-0012MEDIUMLocal Privilege Escalation in SAP Host Agent (Windows)EPSS 0.2%CVE-2026-35230HIGHVulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.EPSS 0.2%CVE-2022-41689HIGHImproper access control in some Intel In-Band Manageability software before version 3.0.14 may allow an authenticated user to potentially enEPSS 0.2%CVE-2026-56050MEDIUMWordPress PPOM for WooCommerce plugin <= 33.0.18 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2023-44290HIGH
Dell Command | Monitor versions prior to 10.10.0, contain an improper access control vulnerability. A local malicious standard user could pEPSS 0.2%CVE-2022-36443HIGHAn issue was discovered in Zebra Enterprise Home Screen 4.1.19. The device allows the administrator to lock some communication channels (wirEPSS 0.2%CVE-2022-23829HIGHA potential weakness in AMD SPI protection features may allow a malicious attacker with Ring0 (kernel mode) access to bypass the native SystEPSS 0.2%CVE-2023-45217HIGHImproper access control in Intel(R) Power Gadget software for Windows all versions may allow an authenticated user to potentially enable escEPSS 0.2%CVE-2023-40070HIGHImproper access control in some Intel(R) Power Gadget software for macOS all versions may allow an authenticated user to potentially enable EPSS 0.2%CVE-2025-1882LOWi-Drive i11/i12 Device Setting improper access control for register interfaceEPSS 0.2%CVE-2023-44289HIGH
Dell Command | Configure versions prior to 4.11.0, contain an improper access control vulnerability. A local malicious standard user could EPSS 0.2%CVE-2023-6968HIGHThe Moneytizer <= 9.6.3 - Cross-Site Request Forgery via multiple AJAX actionsEPSS 0.2%CVE-2026-9374MEDIUMyangzongzhuan RuoYi-Vue Common Upload Endpoint upload FileUploadUtils.upload unrestricted uploadEPSS 0.2%CVE-2022-30745MEDIUMImproper access control vulnerability in Quick Share prior to version 13.1.2.4 allows attacker to access internal files in Quick Share.EPSS 0.2%CVE-2025-12182MEDIUMQi Blocks <= 1.4.3 - Missing Authorization to Arbitrary Attachment ResizeEPSS 0.2%CVE-2026-55118HIGHA malicious actor with access to the network,low privileges and under certain conditions could exploit an Improper Access Control vulnerabilEPSS 0.2%CVE-2026-7959LOWInappropriate implementation in Navigation in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the rendereEPSS 0.2%CVE-2023-38411LOWImproper access control in the Intel Smart Campus android application before version 9.4 may allow an authenticated user to potentially enabEPSS 0.2%