Weaknesses of type CWE-284

4,428 results
CVE-2025-24198 [MEDIUM] This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, (EPSS 0.4%)
CVE-2025-43454 [HIGH] This issue was addressed through improved state management. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1. A (EPSS 0.4%)
CVE-2024-22807 [MEDIUM] An issue in Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 allows attackers to erase a critical sector of the flash memory, causing (EPSS 0.4%)
CVE-2025-14583 [MEDIUM] campcodes Online Student Enrollment System register.php unrestricted upload (EPSS 0.4%)
CVE-2025-2278 [MEDIUM] Improper access control in temporary access requests and checkout requests endpoints in Devolutions Server 2024.3.13 and earlier allows an a (EPSS 0.4%)
CVE-2024-13138 [MEDIUM] wangl1989 mysiteforme LocalUploadServiceImpl upload unrestricted upload (EPSS 0.4%)
CVE-2023-47325 [MEDIUM] Silverpeas Core 6.3.1 administrative "Bin" feature is affected by broken access control. A user with low privileges is able to navigate dire (EPSS 0.4%)
CVE-2022-3325 [LOW] Improper access control in the GitLab CE/EE API affecting all versions starting from 12.8 before 15.2.5, all versions starting from 15.3 bef (EPSS 0.4%)
CVE-2025-10116 [MEDIUM] SiempreCMS file_upload.php unrestricted upload (EPSS 0.4%)
CVE-2024-21741 [CRITICAL] GigaDevice GD32E103C8T6 devices have Incorrect Access Control. (EPSS 0.4%)
CVE-2025-52101 [CRITICAL] linjiashop <=0.9 is vulnerable to Incorrect Access Control. When using the default-generated JWT authentication, attackers can bypass the au (EPSS 0.4%)
CVE-2026-24420 [MEDIUM] phpMyFAQ: Attachment download allowed without dlattachment right (broken access control) (EPSS 0.4%)
CVE-2026-22564 [CRITICAL] An Improper Access Control vulnerability could allow a malicious actor with access to the UniFi Play network to enable SSH to make unauthori (EPSS 0.4%)
CVE-2024-5257 [MEDIUM] Improper Access Control in GitLab (EPSS 0.4%)
CVE-2024-51995 [HIGH] Logic bug in ajax.render.php allows for bypass of 'backOffice' access control in Combodo iTop (EPSS 0.4%)
CVE-2023-46759 Permission control vulnerability in the call module. Successful exploitation of this vulnerability may affect service confidentiality. (EPSS 0.4%)
CVE-2025-15495 [MEDIUM] BiggiDroid Simple PHP CMS editsite.php unrestricted upload (EPSS 0.4%)
CVE-2025-15426 [MEDIUM] jackying H-ui.admin preview.php unrestricted upload (EPSS 0.4%)
CVE-2026-24473 [MEDIUM] Hono has an Arbitrary Key Read in Serve static Middleware (Cloudflare Workers Adapter) (EPSS 0.4%)
CVE-2026-45649 [HIGH] Office for Android Spoofing Vulnerability (EPSS 0.4%)