Weaknesses of type CWE-284

4,445 results
CVE-2023-51390MEDIUMInformation Disclosure Vulnerability in JournalpumpEPSS 0.3%CVE-2025-24816MEDIUMAn Improper Access Control vulnerability in Nokia MantaRay NMEPSS 0.3%CVE-2024-41162MEDIUMMalicious remote can make an arbitrary local channel read-onlyEPSS 0.3%CVE-2025-14660MEDIUMDecoCMS Mesh Workspace Domain api.ts createTool access controlEPSS 0.3%CVE-2025-31725MEDIUMJenkins monitor-remote-job Plugin 1.0 stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be vieweEPSS 0.3%CVE-2024-29977LOWMalicious remote can create arbitrary reactions on arbitrary postsEPSS 0.3%CVE-2025-31726MEDIUMJenkins Stack Hammer Plugin 1.0.6 and earlier stores Stack Hammer API keys unencrypted in job config.xml files on the Jenkins controller wheEPSS 0.3%CVE-2025-12291MEDIUMashymuzuro Full-Ecommece-Website/Muzuro Ecommerce System Add Product index.php unrestricted uploadEPSS 0.3%CVE-2026-1895MEDIUMWeKan Attachment Storage lists.js applyWipLimit ListWIPBleed access controlEPSS 0.3%CVE-2026-46416MEDIUMMicrosoft UFO shared WebSocket handler state causes cross-client response hijackingEPSS 0.3%CVE-2026-1896MEDIUMWeKan Migration Operation comprehensiveBoardMigration.js ComprehensiveBoardMigration MigrationBleed access controlEPSS 0.3%CVE-2026-10277MEDIUMj3k0 mcp-google-workspace MCP Gmail Tool gmail.ts saveToDisk access controlEPSS 0.3%CVE-2026-41006HIGHSpring HATEOAS Collection+JSON/UBER deserializers do not honor Jackson configurationEPSS 0.3%CVE-2025-45095HIGHLavasoft Web Companion (also known as Ad-Aware WebCompanion) versions 8.9.0.1091 through 12.1.3.1037 installs the DCIService.exe service witEPSS 0.3%CVE-2024-27803LOWA permissions issue was addressed with improved validation. This issue is fixed in iOS 17.5 and iPadOS 17.5. An attacker with physical accesEPSS 0.3%CVE-2024-44303HIGHThe issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.1. A malicious application may be able to modify proteEPSS 0.3%CVE-2025-8841MEDIUMzlt2000 microservices-platform FileController.java upload unrestricted uploadEPSS 0.3%CVE-2026-40595HIGHChartbrew: Incorrect Access Control in public chart and export routes via missing onReport and SharePolicy checksEPSS 0.3%CVE-2026-33031HIGHNginx-UI: Disabled users retain full API access through previously issued bearer tokensEPSS 0.3%CVE-2026-21447HIGHBagisto has IDOR in Customer Order Reorder FunctionalityEPSS 0.3%