Weaknesses of type CWE-284

4,457 results
CVE-2025-3082LOWUser may override a view's collation and gain unauthorized access to underlying dataEPSS 0.2%CVE-2026-43701HIGHThe issue was addressed with improved checks. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. A maliEPSS 0.2%CVE-2022-35276HIGHImproper access control in BIOS firmware for some Intel(R) NUC 8 Compute Elements before version CBWHL357.0096 may allow a privileged user tEPSS 0.2%CVE-2023-26585MEDIUMImproper access control in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentEPSS 0.2%CVE-2024-39797MEDIUMImproper access control in some drivers for Intel(R) Ethernet Connection I219 Series before version 12.19.1.39 may allow an authenticated usEPSS 0.2%CVE-2024-3746MEDIUMMeasuresoft ScadaPro Improper Access ControlEPSS 0.2%CVE-2026-29197MEDIUMIn versions <8.4.0, <8.3.2, <8.2.2, <8.1.3, <8.0.4, <7.13.6, <7.12.7, <7.11.7, and <7.10.10, the endpoints /api/apps/logs and /api/apps/:id/EPSS 0.2%CVE-2025-65097HIGHInsecure Direct Object Reference (IDOR) Allows Unauthorized Deletion of User CollectionsEPSS 0.2%CVE-2025-36636MEDIUMImproper Access ControlEPSS 0.2%CVE-2026-41487MEDIUMLangfuse: Improper role-based-access control in Langfuse LLM connection management allowed users of role “member” to retrieve stored LLM provider API keysEPSS 0.2%CVE-2025-43340HIGHA permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26. An app may be able to break out of itEPSS 0.2%CVE-2023-35062MEDIUMImproper access control in some Intel(R) DSA software before version 23.4.33 may allow a privileged user to potentially enable escalation ofEPSS 0.2%CVE-2026-43934MEDIUMe107: Broken Access Control in e107 comment edit allows cross-user comment modificationEPSS 0.2%CVE-2023-29113MEDIUMA lack of access control in custom IPC mechanismEPSS 0.2%CVE-2024-39934HIGHRobotmk before 2.0.1 allows a local user to escalate privileges (e.g., to SYSTEM) if automated Python environment setup is enabled, because EPSS 0.2%CVE-2025-43477MEDIUMA privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.7.2, macOS SonomEPSS 0.2%CVE-2025-43396MEDIUMA logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1. A sandEPSS 0.2%CVE-2025-30729MEDIUMVulnerability in the Oracle Communications Order and Service Management product of Oracle Communications Applications (component: Security).EPSS 0.2%CVE-2026-7021MEDIUMSmythOS sre Connector Service utils.ts information disclosureEPSS 0.2%CVE-2026-34269MEDIUMVulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Supported versions that are affectEPSS 0.2%