Weaknesses of type CWE-284

4,445 results
CVE-2026-25877MEDIUMChartbrew: Insecure Direct Object Reference (IDOR) in Chart OperationsEPSS 0.3%CVE-2026-40304MEDIUMzrok's broken ownership check in DELETE /api/v2/unaccess allows non-admin to delete global frontend recordsEPSS 0.3%CVE-2025-61543HIGHA Host Header Injection vulnerability exists in the password reset functionality of CraftMyCMS 4.0.2.2. The system uses `$_SERVER['HTTP_HOSTEPSS 0.3%CVE-2026-20909MEDIUMGitea tracked-time list endpoint has insufficient permission checksEPSS 0.3%CVE-2023-50159HIGHIn ScaleFusion (Windows Desktop App) agent 10.5.2, Kiosk mode application restrictions can be bypassed allowing arbitrary code to be executeEPSS 0.3%CVE-2026-50884HIGHIncorrect access control in statping-ng v0.93.0 allows attackers to escalate privileges to Administrator and access sensitive components.EPSS 0.3%CVE-2026-9352MEDIUMNousResearch hermes-agent Messaging Gateway local.py _make_run_env information disclosureEPSS 0.3%CVE-2021-34402MEDIUMNVIDIA Tegra kernel driver contains a vulnerability in NVIDIA NVDEC, where a user with high privileges might be able to read from or write tEPSS 0.3%CVE-2025-62159HIGHExternal Secrets Operator's BeyondTrust Provider has Insecure Secret RetrievalEPSS 0.3%CVE-2026-54533MEDIUMvantage6 node has an Improper Access Control issueEPSS 0.3%CVE-2025-9800MEDIUMSimStudioAI sim HTML File route.ts import unrestricted uploadEPSS 0.3%CVE-2025-60876MEDIUMBusyBox wget thru 1.3.7 accepted raw CR (0x0D)/LF (0x0A) and other C0 control bytes in the HTTP request-target (path/query), allowing the reEPSS 0.3%CVE-2026-41166HIGHOpenRemote has Improper Access Control via updateUserRealmRoles functionEPSS 0.3%CVE-2020-3524MEDIUMCisco IOS XE ROM Monitor Software VulnerabilityEPSS 0.3%CVE-2025-15109MEDIUMjackq XCMS upload.php unrestricted uploadEPSS 0.3%CVE-2022-42814MEDIUMA logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13. An app may be able to access user-sensitive data.EPSS 0.3%CVE-2026-6596MEDIUMlangflow-ai langflow API Endpoint endpoints.py create_upload_file unrestricted uploadEPSS 0.3%CVE-2025-43862HIGHDify Allows Unauthorized Access and Modification of APP OrchestrationEPSS 0.3%CVE-2026-4536MEDIUMAcrel Environmental Monitoring Cloud Platform unrestricted uploadEPSS 0.3%CVE-2025-29705MEDIUMcode-gen <=2.0.6 is vulnerable to Incorrect Access Control. The project does not have permission control allowing anyone to access such projEPSS 0.3%