Weaknesses of type CWE-284
4,430 results

CVE-2024-36537 | HIGH | Insecure permissions in cert-manager v1.14.4 allows attackers to access sensitive data and escalate privileges by obtaining the service acco | EPSS 0.4%
CVE-2024-41600 | HIGH | Insecure Permissions vulnerability in lin-CMS Springboot v.0.2.1 and before allows a remote attacker to obtain sensitive information via the | EPSS 0.4%
CVE-2025-3410 | MEDIUM | mymagicpower AIAS LocalStorageController.java unrestricted upload | EPSS 0.4%
CVE-2025-22157 | HIGH | This High severity PrivEsc (Privilege Escalation) vulnerability was introduced in versions: 9.12.0, 10.3.0, 10.4.0, and 10.5.0 of Jira Core | EPSS 0.4%
CVE-2024-1370 | MEDIUM | Maintenance Page <= 1.0.8 - Missing Authorization to Sensitive Information Exposure | EPSS 0.4%
CVE-2023-27268 | MEDIUM | Improper Access Control in SAP NetWeaver AS Java (Object Analyzing Service) | EPSS 0.4%
CVE-2023-28845 | LOW | Chat room membership disclosed via autocompletion in Nextcloud talk | EPSS 0.4%
CVE-2024-27841 | CRITICAL | The issue was addressed with improved memory handling. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5. An app may be abl | EPSS 0.4%
CVE-2025-0460 | MEDIUM | Blog Botz for Journal Theme blog_add unrestricted upload | EPSS 0.4%
CVE-2025-23389 | HIGH | Rancher does not Properly Validate Account Bindings in SAML Authentication Enables User Impersonation on First Login | EPSS 0.4%
CVE-2025-24088 | HIGH | The issue was addressed by adding additional logic. This issue is fixed in macOS Tahoe 26. An app may be able to override MDM-enforced setti | EPSS 0.4%
CVE-2026-7198 | CRITICAL | CWE-284: Improper Access Control in web services in Progress Sitefinity | EPSS 0.4%
CVE-2023-49961 | HIGH | WALLIX Bastion 7.x, 8.x, 9.x and 10.x and WALLIX Access Manager 3.x and 4.x have Incorrect Access Control which can lead to sensitive data e | EPSS 0.4%
CVE-2024-0972 | MEDIUM | BuddyPress Members Only <= 3.4.8 - Improper Access Control to Sensitive Information Exposure via REST API | EPSS 0.4%
CVE-2021-26732 | MEDIUM | spx_restservice First_network_func Broken Access Control | EPSS 0.4%
CVE-2024-27605 | HIGH | Alldata V0.4.6 is vulnerable to Insecure Permissions. Using users (test) can query information about the users in the system. | EPSS 0.4%
CVE-2025-9942 | MEDIUM | CodeAstro Real Estate Management System submitproperty.php unrestricted upload | EPSS 0.4%
CVE-2026-34723 | HIGH | Zammad has incorrect access control in getting_started_controller | EPSS 0.4%
CVE-2025-1646 | MEDIUM | Lumsoft ERP ASPX File UploadAjaxAPI.ashx unrestricted upload | EPSS 0.4%
CVE-2025-21340 | MEDIUM | Windows Virtualization-Based Security (VBS) Security Feature Bypass Vulnerability | EPSS 0.4%