Weaknesses of type CWE-284
4,443 resultsCVE-2023-39941HIGHImproper access control in some Intel(R) SUR software before version 2.4.10587 may allow an unauthenticated user to potentially enable deniaEPSS 0.3%CVE-2025-37137MEDIUMAuthenticated Arbitrary File Deletion Vulnerabilities in AOS-8 Controller/Mobility Conductor Command Line Interface (CLI)EPSS 0.3%CVE-2026-1197LOWMineAdmin downloadById information disclosureEPSS 0.3%CVE-2023-3096MEDIUMKylinSoft kylin-software-properties changedSource access controlEPSS 0.3%CVE-2025-20335MEDIUMCisco Desk Phone 9800 Series, IP Phone 7800 and 8800 Series, and Video Phone 8875 with SIP Firmware Information Arbitrary File Write VulnerabilityEPSS 0.3%CVE-2025-9461MEDIUMdiyhi bbs File Compression FilePackageManageAction.java information disclosureEPSS 0.3%CVE-2024-53304MEDIUMAn issue in LRQA Nettitude PoshC2 after commit 09ee2cf allows unauthenticated attackers to connect to the C2 server and execute arbitrary coEPSS 0.3%CVE-2026-23495MEDIUMPimcore's Admin Classic Bundle is Missing Function Level Authorization on "Predefined Properties" ListingEPSS 0.3%CVE-2024-1888MEDIUMExisting server guests invited to the team by members without "invite_guest" permissionEPSS 0.3%CVE-2025-13815MEDIUMmoxi159753 Mogu Blog v2 pictures unrestricted uploadEPSS 0.3%CVE-2024-29221MEDIUMInvite ID available to team admins even without the "Add Members" permissionEPSS 0.3%CVE-2025-10371MEDIUMeCharge Hardy Barth Salia PLCC api.php unrestricted uploadEPSS 0.3%CVE-2024-1887MEDIUMPublic channel post content accessible without membership when compliance export is enabledEPSS 0.3%CVE-2025-0743MEDIUMImproper Access Control vulnerability in EmbedAIEPSS 0.3%CVE-2026-58421HIGHUnauthenticated ReDoS via CODEOWNERS pattern matching allows denial of serviceEPSS 0.3%CVE-2025-47993HIGHMicrosoft PC Manager Elevation of Privilege VulnerabilityEPSS 0.3%CVE-2024-41806MEDIUMOpen edX Platform's instructor upload CSV for cohort creation not Private by DefaultEPSS 0.3%CVE-2026-24290HIGHWindows Projected File System Elevation of Privilege VulnerabilityEPSS 0.3%CVE-2026-46819CRITICALVulnerability in the Oracle Internet Procurement Connector product of Oracle E-Business Suite (component: Internal Operations). Supported vEPSS 0.3%CVE-2026-48204CRITICALApache Camel: Camel-MongoDB-GridFS: The gridfs.* control headers used non-Camel-prefixed names that bypass the HTTP header filter, allowing an HTTP client to switch the GridFS operation - including destructive file deletion - in the default configurationEPSS 0.3%