Weaknesses of type CWE-284
4,445 resultsCVE-2026-54408HIGHA malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi Protect Application to byEPSS 0.3%CVE-2025-66911MEDIUMTurms IM Server v0.10.0-SNAPSHOT and earlier contains a broken access control vulnerability in the user online status query functionality. TEPSS 0.3%CVE-2024-1376MEDIUMEvent post <= 5.9.4 - Missing AuthorizationEPSS 0.3%CVE-2026-5107LOWFRRouting FRR EVPN Type-2 Route bgp_evpn.c process_type2_route access controlEPSS 0.3%CVE-2025-62509HIGHFileRise improper ownership/permission validation allowed cross-tenant file operationsEPSS 0.3%CVE-2025-51060MEDIUMAn issue was discovered in CPUID cpuz.sys 1.0.5.4. An attacker can use DeviceIoControl with the unvalidated parameters 0x9C402440 and 0x9C40EPSS 0.3%CVE-2026-6561MEDIUMEyouCMS Index.php edit_adminlogo unrestricted uploadEPSS 0.3%CVE-2025-62510HIGHFileRise insecure folder visibility via name-based mapping and incomplete ACL checksEPSS 0.3%CVE-2020-6774CRITICALKiosk Mode Breakout in Bosch Recording StationEPSS 0.3%CVE-2025-4281MEDIUMShenzhen Sixun Software Sixun Shanghui Group Business Management System LoadData information disclosureEPSS 0.3%CVE-2025-48861MEDIUMA vulnerability in the Task API endpoint of the ctrlX OS setup mechanism allowed a remote, unauthenticated attacker to access and extract inEPSS 0.3%CVE-2023-50344MEDIUMUnauthenticated File Downloads affect DRYiCE MyXalyticsEPSS 0.3%CVE-2024-45392HIGHSuiteCRM has wrong deletion permission checks on API delete callEPSS 0.3%CVE-2026-8758MEDIUMMetasoft 美特软件 MetaCRM upload3.jsp unrestricted uploadEPSS 0.3%CVE-2026-13547MEDIUMHanwang e-Face General Management Platform upload.do unrestricted uploadEPSS 0.3%CVE-2026-13568MEDIUMSourceCodester Inventory Management System User Registration Endpoint users_handler.php access controlEPSS 0.3%CVE-2025-43515HIGHThe issue was addressed by refusing external connections by default. This issue is fixed in Compressor 4.11.1. An unauthenticated user on thEPSS 0.3%CVE-2020-6971—In Emerson ValveLink v12.0.264 to v13.4.118, a vulnerability in the ValveLink software may allow a local, unprivileged, trusted insider to eEPSS 0.3%CVE-2024-43780MEDIUMUnauthorized channel file uploadEPSS 0.3%CVE-2026-4201MEDIUMglowxq glowxq-oj SysFileController.java upload unrestricted uploadEPSS 0.3%