Weaknesses of type CWE-284
4,445 resultsCVE-2025-43862HIGHDify Allows Unauthorized Access and Modification of APP OrchestrationEPSS 0.3%CVE-2022-42814MEDIUMA logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13. An app may be able to access user-sensitive data.EPSS 0.3%CVE-2025-15109MEDIUMjackq XCMS upload.php unrestricted uploadEPSS 0.3%CVE-2026-7711MEDIUMMindsDB Engine proc_wrapper.py exec unrestricted uploadEPSS 0.3%CVE-2025-29705MEDIUMcode-gen <=2.0.6 is vulnerable to Incorrect Access Control. The project does not have permission control allowing anyone to access such projEPSS 0.3%CVE-2026-28965HIGHA privacy issue was addressed with improved checks. This issue is fixed in iOS 26.5 and iPadOS 26.5. A user may be able to view restricted cEPSS 0.3%CVE-2026-32768HIGHChall-Manager's invalid NetworkPolicy enables a malicious actor to pivot into another namespaceEPSS 0.3%CVE-2023-47294HIGHAn issue in NCR Terminal Handler v1.5.1 allows low-level privileged authenticated attackers to arbitrarily deactivate, lock, and delete userEPSS 0.3%CVE-2026-2213MEDIUMcode-projects Online Music Site AdminAddAlbum.php unrestricted uploadEPSS 0.3%CVE-2025-50107MEDIUMVulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite (component: Request handling). Supported versions that EPSS 0.3%CVE-2026-26328MEDIUMOpenClaw iMessage group allowlist authorization inherited DM pairing-store identitiesEPSS 0.3%CVE-2025-13238MEDIUMBdtask Flight Booking Software Edit Profile edit unrestricted uploadEPSS 0.3%CVE-2024-42022HIGHAn incorrect permission assignment vulnerability allows an attacker to modify product configuration files.EPSS 0.3%CVE-2024-39837LOWMalicious remote can create arbitrary channelsEPSS 0.3%CVE-2026-46822CRITICALVulnerability in the Oracle iAssets product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affectEPSS 0.3%CVE-2026-32995HIGHThe Rocket.Chat DDP method autoTranslate.translateMessage in versions <8.5.0, <8.4.2, <8.3.4, <8.2.4, <8.1.5, <8.0.5, <7.13.8, and <7.10.12 EPSS 0.3%CVE-2025-56396HIGHAn issue was discovered in Ruoyi 4.8.1 allowing attackers to gain escalated privileges due to the owning department having higher rights thaEPSS 0.3%CVE-2025-24532MEDIUMA vulnerability has been identified in SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0) (All versions < V3.0.0), SCALANCE WAM763-1 (6GK5763-1AL00-7DA0EPSS 0.3%CVE-2026-32752NONEFreeScout: Broken Access Control in ThreadPolicy — Any User Can Read/Edit All Customer MessagesEPSS 0.3%CVE-2022-26389HIGHImproper Access Control Vulnerability in ELI Electrocardiograph DevicesEPSS 0.3%