Weaknesses of type CWE-284
4,410 results

CVE-2024-9298 | MEDIUM | SourceCodester Online Railway Reservation System Ticket ?page=tickets access control | EPSS 0.5%
CVE-2026-20887 | HIGH | Improper access control for some Intel Vision software for all versions within Ring 3: User Applications may allow a denial of service. Unpr | EPSS 0.5%
CVE-2021-46851 | CRITICAL | The DRM module has a vulnerability in verifying the secure memory attributes. Successful exploitation of this vulnerability may cause abnorm | EPSS 0.5%
CVE-2022-36771 | MEDIUM | IBM QRadar User Behavior Analytics could allow an authenticated user to obtain sensitive information from that they should not have access t | EPSS 0.5%
CVE-2026-1107 | MEDIUM | EyouCMS Member Avatar Diyajax.php check_userinfo unrestricted upload | EPSS 0.5%
CVE-2024-43492 | HIGH | Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability | EPSS 0.5%
CVE-2025-30692 | MEDIUM | Vulnerability in the Oracle iSupplier Portal product of Oracle E-Business Suite (component: Attachments). Supported versions that are affec | EPSS 0.5%
CVE-2025-3244 | MEDIUM | SourceCodester Web-based Pharmacy Product Management System Create User Page add-admin.php unrestricted upload | EPSS 0.5%
CVE-2023-35939 | HIGH | GLPI vulnerable to unauthorized access to Dashboard data | EPSS 0.5%
CVE-2020-10627 | HIGH | Insulet Omnipod Insulin Management System insulin pump product ID 19191 and 40160 is designed to communicate using a wireless RF with an Ins | EPSS 0.5%
CVE-2025-70064 | HIGH | PHPGurukul Hospital Management System v4.0 contains a Privilege Escalation vulnerability. A low-privileged user (Patient) can directly acces | EPSS 0.5%
CVE-2024-36535 | CRITICAL | Insecure permissions in meshery v0.7.51 allows attackers to access sensitive data and escalate privileges by obtaining the service account's | EPSS 0.5%
CVE-2023-26460 | MEDIUM | Improper Access Control in SAP NetWeaver AS Java (Cache Management Service) | EPSS 0.5%
CVE-2025-63221 | CRITICAL | The Axel Technology puma devices (firmware versions 0.8.5 to 1.0.3) are vulnerable to Broken Access Control due to missing authentication on | EPSS 0.5%
CVE-2025-26678 | HIGH | Windows Defender Application Control Security Feature Bypass Vulnerability | EPSS 0.5%
CVE-2026-5571 | MEDIUM | Technostrobe HI-LED-WR120-G2 Configuration Data fs information disclosure | EPSS 0.5%
CVE-2026-37709 | CRITICAL | Insecure Permissions vulnerability in grokability snipe-it v.8.4.0 and before and fixed after 2026-03-10 commit 676a9958 allows a remote att | EPSS 0.5%
CVE-2023-24546 | HIGH | On affected versions of the CloudVision Portal improper access controls on the connection from devices to CloudVision could enable a malicio | EPSS 0.5%
CVE-2026-35307 | CRITICAL | Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2. | EPSS 0.5%
CVE-2025-29448 | HIGH | Booking logic flaw in Easy!Appointments v1.5.1 allows unauthenticated attackers to create appointments with excessively long durations, caus | EPSS 0.5%