Weaknesses of type CWE-284

4,457 results
CVE-2025-69634CRITICALCross Site Request Forgery vulnerability in Dolibarr ERP & CRM v.22.0.9 allows a remote attacker to escalate privileges via the notes field EPSS 0.1%CVE-2026-41999MEDIUMIncorrect Behaviour of Views with TCP PROXY RequestsEPSS 0.1%CVE-2026-4105MEDIUMSystemd: systemd: privilege escalation via improper access control in registermachine d-bus methodEPSS 0.1%CVE-2025-61760HIGHVulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.EPSS 0.1%CVE-2025-31186LOWA permissions issue was addressed with additional restrictions. This issue is fixed in Xcode 16.3. An app may be able to bypass Privacy prefEPSS 0.1%CVE-2026-20601LOWA permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.3. An app may be able to monitor keystEPSS 0.1%CVE-2026-46974HIGHVulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.EPSS 0.1%CVE-2025-43313MEDIUMA logic issue was addressed with improved restrictions. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7EPSS 0.1%CVE-2026-40865HIGHHorilla: Insecure Direct Object Reference at `/employee/view-file/<int:id>EPSS 0.1%CVE-2025-24916HIGHImproper Access Control leads to Local Priviledge EscalationEPSS 0.1%CVE-2026-46771MEDIUMVulnerability in the Oracle Application Development Framework (ADF) product of Oracle Fusion Middleware (component: Java Business Objects). EPSS 0.1%CVE-2026-46913CRITICALVulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Installation Security). Supported versions thaEPSS 0.1%CVE-2026-40452HIGHApache IoTDB: Authorization bypass in /rest/v2/fastLastQuery exposes last-value data to unauthorized authenticated usersEPSS 0.1%CVE-2025-31260MEDIUMA permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.5. An app may be able to access sensEPSS 0.1%CVE-2024-21740HIGHArtery AT32F415CBT7 and AT32F421C8T7 devices have Incorrect Access Control.EPSS 0.1%CVE-2026-12490HIGHBypass of client certificate verification with transfer over TLSEPSS 0.1%CVE-2025-43404LOWA permissions issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Tahoe 26.1. An app may be able to accesEPSS 0.1%CVE-2024-22830MEDIUMAnti-Cheat Expert's Windows kernel module "ACE-BASE.sys" version 1.0.2202.6217 does not perform proper access control when handling system rEPSS 0.1%CVE-2023-33071HIGHImproper Access Control in Automotive OS Platform AndroidEPSS 0.1%CVE-2026-8233LOWDotouch XproUPF access controlEPSS 0.1%