Weaknesses of type CWE-284

4,443 results
CVE-2026-0898CRITICALAn arbitrary file-write vulnerability in Pega Browser Extension (PBE) affects Pega Robot Studio developers who are automating Google Chrome and Microsoft Edge using either version 22.1 or R25.EPSS 0.3%CVE-2025-43204HIGHThis issue was addressed by removing the vulnerable code. This issue is fixed in macOS Tahoe 26. An app may be able to break out of its sandEPSS 0.3%CVE-2026-1078HIGHAn arbitrary file-write vulnerability in Pega Browser Extension (PBE) affects Pega Robotic Automation version 22.1 or R25 users who are running automations that work with Google Chrome or Microsoft Edge.EPSS 0.3%CVE-2026-44208MEDIUMFrappe: IDOR in `submit_discussion()`EPSS 0.3%CVE-2017-15131It was found that system umask policy is not being honored when creating XDG user directories, since Xsession sources xdg-user-dirs.sh beforEPSS 0.3%CVE-2023-49099LOWDiscourse secure uploads accessible to guests even when login is requiredEPSS 0.3%CVE-2023-21901HIGHVulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (comEPSS 0.3%CVE-2024-7424MEDIUMMultiple Page Generator Plugin – MPG <= 4.0.1 - Missing AuthorizationEPSS 0.3%CVE-2022-41324MEDIUMNorthern.tech Mender 3.3.x before 3.3.2 and 3.4.x before 3.4.0 has Incorrect Access Control and allows low-privileged users default read accEPSS 0.3%CVE-2025-14082LOWKeycloak-services: keycloak admin rest api: improper access control leads to sensitive role metadata information disclosureEPSS 0.3%CVE-2025-30740MEDIUMVulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are EPSS 0.3%CVE-2025-14083LOWKeycloak-server: keycloak: improper access control in admin rest api leads to information disclosureEPSS 0.3%CVE-2025-45610HIGHIncorrect access control in the component /scheduleLog/info/1 of PassJava-Platform v3.0.0 allows attackers to access sensitive information vEPSS 0.3%CVE-2024-13854MEDIUMEducation Addon for Elementor <= 1.3.1 - Authenticated (Contributor+) Insecure Direct Object Reference via naedu_elementor_template ShortcodeEPSS 0.3%CVE-2023-50333LOWLack of restriction to manage group names for freshly demoted guestsEPSS 0.3%CVE-2025-62290HIGHVulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Block Storage). The supported version that is EPSS 0.3%CVE-2025-37140MEDIUMAuthenticated Arbitrary File Download Vulnerabilities in CLI Binary of AOS-8 Controller/Mobility Conductor Web-Based Management InterfaceEPSS 0.3%CVE-2024-27895HIGHVulnerability of permission control in the window module. Successful exploitation of this vulnerability may affect confidentiality.EPSS 0.3%CVE-2025-49692HIGHAzure Connected Machine Agent Elevation of Privilege VulnerabilityEPSS 0.3%CVE-2025-55261HIGHHCL Aftermarket DPC is affected by Missing Functional Level Access ControlEPSS 0.3%