Weaknesses of type CWE-284
4,444 resultsCVE-2024-27895HIGHVulnerability of permission control in the window module. Successful exploitation of this vulnerability may affect confidentiality.EPSS 0.3%CVE-2021-4477CRITICALHirschmann HiLCOS OpenBAT BAT450 IPv6 IPsec Firewall BypassEPSS 0.3%CVE-2024-20279MEDIUMCisco Application Policy Infrastructure Controller Unauthorized Policy Actions VulnerabilityEPSS 0.3%CVE-2025-37141MEDIUMAuthenticated Arbitrary File Download Vulnerabilities in CLI Binary of AOS-8 Controller/Mobility Conductor Web-Based Management InterfaceEPSS 0.3%CVE-2025-37140MEDIUMAuthenticated Arbitrary File Download Vulnerabilities in CLI Binary of AOS-8 Controller/Mobility Conductor Web-Based Management InterfaceEPSS 0.3%CVE-2025-6466MEDIUMageerle ruoyi-ai SseServiceImpl.java upload unrestricted uploadEPSS 0.3%CVE-2025-13185MEDIUMBdtask/CodeCanyon News365 profile unrestricted uploadEPSS 0.3%CVE-2018-1168—This vulnerability allows local attackers to escalate privileges on vulnerable installations of ABB MicroSCADA 9.3 with FP 1-2-3. An attackeEPSS 0.3%CVE-2024-32124MEDIUMAn improper access control vulnerability [CWE-284] in FortiIsolator version 2.4.4, version 2.4.3, 2.3 all versions logging component may allEPSS 0.3%CVE-2025-2606MEDIUMSourceCodester Best Church Management Software soulwinning_crud.php unrestricted uploadEPSS 0.3%CVE-2026-54761MEDIUMTraefik: Kubernetes Gateway crossProviderNamespaces bypass allows HTTPRoute outside the allowlist to expose internal Traefik servicesEPSS 0.3%CVE-2022-23508HIGHGitOps Run allows for Kubernetes workload injectionEPSS 0.3%CVE-2024-28087MEDIUMIn Bonitasoft runtime Community edition, the lack of dynamic permissions causes IDOR vulnerability. Dynamic permissions existed only in SubsEPSS 0.3%CVE-2023-29586MEDIUMCode Sector TeraCopy 3.9.7 does not perform proper access validation on the source folder during a copy operation. This leads to Arbitrary FEPSS 0.3%CVE-2025-30713MEDIUMVulnerability in the PeopleSoft Enterprise HCM Talent Acquisition Manager product of Oracle PeopleSoft (component: Job Opening). The suppoEPSS 0.3%CVE-2025-30697MEDIUMVulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Panel Processor). Supported versions that aEPSS 0.3%CVE-2024-28818MEDIUMAn issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, Exynos 990, Exynos 1080, Exynos 2100, Exynos EPSS 0.3%CVE-2025-21586MEDIUMVulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are EPSS 0.3%CVE-2022-42862MEDIUMThis issue was addressed by removing the vulnerable code. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. An app may beEPSS 0.3%CVE-2025-46552MEDIUMKHC-INVITATION-AUTOMATION Sensitive User Information Leakage in Invitation AutomationEPSS 0.3%