Weaknesses of type CWE-284

4,431 results
CVE-2025-3969MEDIUMcodeprojects News Publishing Site Dashboard Edit Category Page edit-category.php unrestricted uploadEPSS 0.4%CVE-2026-31388MEDIUMApache OFBiz: Cross-Tenant Data Exposure via Program Export FeatureEPSS 0.4%CVE-2025-3807MEDIUMzhenfeng13 My-BBS Endpoint UploadController.java upload unrestricted uploadEPSS 0.4%CVE-2018-17931If an attacker has physical access to the VGo Robot (Versions 3.0.3.52164 and 3.0.3.53662. Prior versions may also be affected) they may be EPSS 0.4%CVE-2023-3303MEDIUMImproper Access Control in admidio/admidioEPSS 0.4%CVE-2025-4259MEDIUMnewbee-mall UploadController.java upload unrestricted uploadEPSS 0.4%CVE-2025-5171MEDIUMllisoft MTA Maita Training System OpenController.java this.fileService.download unrestricted uploadEPSS 0.4%CVE-2025-2952MEDIUMBluestar Micro Mall api.php unrestricted uploadEPSS 0.4%CVE-2026-20912CRITICALGitea: Cross-Repository Authorization Bypass via Release Attachment Linking Leads to Private Attachment DisclosureEPSS 0.4%CVE-2025-11658MEDIUMProjectsAndPrograms School Management System changeSllyabus.php unrestricted uploadEPSS 0.4%CVE-2025-11660MEDIUMProjectsAndPrograms School Management System uploadSllyabus.php unrestricted uploadEPSS 0.4%CVE-2020-37116HIGHGUnet OpenEclass 1.7.3 E-learning platform - phpMyAdmin Remote AccessEPSS 0.4%CVE-2024-42514HIGHA vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.1.0.4 could allow an unauthenticated attacker to EPSS 0.4%CVE-2023-3304MEDIUMImproper Access Control in admidio/admidioEPSS 0.4%CVE-2026-20897CRITICALGitea Git LFS Lock Deletion Broken Access Control (Cross-Repo IDOR)EPSS 0.4%CVE-2026-32938CRITICALSiYuan has an Arbitrary File Read in its Desktop Publish ServiceEPSS 0.4%CVE-2022-45430LOWSome Dahua software products have a vulnerability of unauthenticated enable or disable SSHD service. After bypassing the firewall access conEPSS 0.4%CVE-2025-3398MEDIUMlenve VBlog WebSecurityConfig.java configure access controlEPSS 0.4%CVE-2026-46791HIGHVulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). The supported version that EPSS 0.4%CVE-2022-23240MEDIUMActive IQ Unified Manager for VMware vSphere, Linux, and Microsoft Windows versions prior to 9.11P1 are susceptible to a vulnerability whichEPSS 0.4%