Weaknesses of type CWE-284
4,444 resultsCVE-2026-35314HIGHVulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Web Server Plugin). Supported versions that are EPSS 0.3%CVE-2026-46978CRITICALVulnerability in the Oracle Solaris product of Oracle Systems (component: Remote Administration Daemon). The supported version that is affEPSS 0.3%CVE-2026-47269HIGHpam_usb: deny_remote feature incorrectly classifies IPv4-mapped IPv6 remote connections as localEPSS 0.3%CVE-2025-66027HIGHRallly Information Disclosure Vulnerability in Participant API Leaks Names and Emails Despite Pro Privacy SettingsEPSS 0.3%CVE-2025-59253MEDIUMWindows Search Service Denial of Service VulnerabilityEPSS 0.3%CVE-2022-42865MEDIUMThis issue was addressed by enabling hardened runtime. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, tvOS 16.2, watchEPSS 0.3%CVE-2024-38518MEDIUMbbb-web API additional parameters consideredEPSS 0.3%CVE-2024-13693MEDIUMEnfold <= 6.0.9 - Missing Authorization to Sensitive Information Disclosure in avia-export-class.phpEPSS 0.3%CVE-2025-63422HIGHIncorrect access control in the Web management interface in Each Italy Wireless Mini Router WIRELESS-N 300M v28K.MiniRouter.20190211 allows EPSS 0.3%CVE-2026-3187MEDIUMfeiyuchuixue sz-boot-parent API Endpoint upload unrestricted uploadEPSS 0.3%CVE-2026-35229HIGHVulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.30 and 21.3-21.21. EasiEPSS 0.3%CVE-2026-34310HIGHVulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (comEPSS 0.3%CVE-2023-49098LOWReaction data for user notifications exposed in Discourse-reactionsEPSS 0.3%CVE-2026-21959MEDIUMVulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Workflow Loader). Supported versions that are affected EPSS 0.3%CVE-2026-3542HIGHInappropriate implementation in WebAssembly in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to perform out of bounds memoEPSS 0.3%CVE-2026-44556HIGHOpen WebUI: responses passthrough endpoint lacks access control authorizationEPSS 0.3%CVE-2025-55797MEDIUMAn improper access control vulnerability in FormCms v0.5.4 in the /api/schemas/history/[schemaId] endpoint allows unauthenticated attackers EPSS 0.3%CVE-2026-41728HIGHSpring Data REST JSON Patch bypasses Jackson read-only property protection on nested objects and collectionsEPSS 0.3%CVE-2023-3099MEDIUMKylinSoft youker-assistant Arbitrary File dbus.SystemBus delete_file access controlEPSS 0.3%CVE-2026-3209MEDIUMfosrl Pangolin Role verifyApiKeyRoleAccess access controlEPSS 0.3%