Weaknesses of type CWE-284

4,443 results
CVE-2025-14641MEDIUMcode-projects Computer Laboratory System admin_pic.php unrestricted uploadEPSS 0.3%CVE-2023-41311Permission control vulnerability in the audio module. Successful exploitation of this vulnerability may cause an app to be activated automatEPSS 0.3%CVE-2025-5382MEDIUMImproper access control in users MFA feature in Devolutions Server 2025.1.7.0 and earlier allows a user with user management permission to rEPSS 0.3%CVE-2024-53494HIGHIncorrect access control in the preHandle function of SpringBootBlog v1.0.0 allows attackers to access sensitive components without authentiEPSS 0.3%CVE-2025-58337MEDIUMApache Doris-MCP-Server: Improper Access Control results in bypassing a "read-only" mode for doris-mcp-server MCP ServerEPSS 0.3%CVE-2019-1866LOWCisco Webex Business Suite Host Header Value Integrity VulnerabilityEPSS 0.3%CVE-2025-25950HIGHIncorrect access control in the component /rest/staffResource/update of Serosoft Solutions Pvt Ltd Academia Student Information System (SIS)EPSS 0.3%CVE-2025-30132CRITICALAn issue was discovered on IROAD Dashcam V devices. It uses an unregistered public domain name as an internal domain, creating a security riEPSS 0.3%CVE-2025-49603CRITICALNorthern.tech Mender Server before 3.7.11 and 4.x before 4.0.1 has Incorrect Access Control.EPSS 0.3%CVE-2023-45844HIGHThe vulnerability allows a low privileged user that have access to the device when locked in Kiosk mode to install an arbitrary Android applEPSS 0.3%CVE-2025-28104CRITICALIncorrect access control in laskBlog v2.6.1 allows attackers to access all usernames via a crafted input.EPSS 0.3%CVE-2025-4735MEDIUMCampcodes Sales and Inventory System product.php unrestricted uploadEPSS 0.3%CVE-2025-55240HIGHVisual Studio Elevation of Privilege VulnerabilityEPSS 0.3%CVE-2025-29421HIGHPerfreeBlog v4.0.11 has an arbitrary file read vulnerability in the getThemeFileContent function.EPSS 0.3%CVE-2021-3987MEDIUMImproper Access Control in janeczku/calibre-webEPSS 0.3%CVE-2025-8344MEDIUMopenviglet shio ShStaticFileAPI.java shStaticFileUpload unrestricted uploadEPSS 0.3%CVE-2019-1664HIGHCisco HyperFlex Software Unauthenticated Root Access VulnerabilityEPSS 0.3%CVE-2026-6201MEDIUMCodeAstro Online Job Portal Delete Job Posting job-delete.php access controlEPSS 0.3%CVE-2025-57247CRITICALThe BATBToken smart contract (address 0xfbf1388408670c02f0dbbb74251d8ded1d63b7a2, Compiler Version v0.8.26+commit.8a97fa7a) contains incorreEPSS 0.3%CVE-2025-30140HIGHAn issue was discovered on G-Net Dashcam BB GONX devices. A Public Domain name is Used for the Internal Domain Name. It uses an unregisteredEPSS 0.3%