Weaknesses of type CWE-284
4,445 resultsCVE-2022-42811MEDIUMAn access issue was addressed with additional sandbox restrictions. This issue is fixed in tvOS 16.1, iOS 16.1 and iPadOS 16, macOS Ventura EPSS 0.3%CVE-2025-54339CRITICALAn Incorrect Access Control vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 exploitEPSS 0.3%CVE-2026-46441HIGHFlowise: Mass Assignment in Assistant Update Endpoint Allows Cross-Workspace Resource ReassignmentEPSS 0.3%CVE-2026-44958MEDIUMAn access control bypass allows an advertiser‑level user to activate or deactivate a banner in Revive Adserver 6.0.6 and earlier, even when EPSS 0.3%CVE-2026-50564CRITICALFission Environment CRD podspec passthrough enables hostPID/hostNetwork/privileged pods, node escapeEPSS 0.3%CVE-2024-0104MEDIUMNVIDIA Mellanox OS, ONYX, Skyway, MetroX-2 and MetroX-3 XC contain a vulnerability in the LDAP AAA component, where a user can cause impropeEPSS 0.3%CVE-2025-44657LOWIn Linksys EA6350 V2.1.2, the chroot_local_user option is enabled in the dynamically generated vsftpd configuration file. This could lead toEPSS 0.3%CVE-2026-21447HIGHBagisto has IDOR in Customer Order Reorder FunctionalityEPSS 0.3%CVE-2025-30438MEDIUMThis issue was addressed with improved access restrictions. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS SonomEPSS 0.3%CVE-2024-5270MEDIUMSAML to email switch possible when email signin is disabledEPSS 0.3%CVE-2026-26417HIGHA broken access control vulnerability in the password reset functionality of Tata Consultancy Services Cognix Recon Client v3.0 allows autheEPSS 0.3%CVE-2026-48958MEDIUMJoomla! Core - [20260712] - Incorrect Access Control in com_fields webservice endpointsEPSS 0.3%CVE-2026-45301HIGHOpen WebUI: Missing permission check in files API allows authenticated users to list, access and delete every uploaded fileEPSS 0.3%CVE-2026-31018HIGHIn Dolibarr ERP & CRM <= 22.0.4, PHP code detection and editing permission enforcement in the Website module is not applied consistently to EPSS 0.3%CVE-2025-7552MEDIUMDromara Northstar Path AuthorizationInterceptor.java preHandle access controlEPSS 0.3%CVE-2026-50280MEDIUMCraft CMS: Authorization bypass in `entries/move-to-section` via missing target-section save checkEPSS 0.3%CVE-2026-2665MEDIUMhuanzi-qch base-admin JSP Parser SysFileController.java upload unrestricted uploadEPSS 0.3%CVE-2026-46810MEDIUMVulnerability in the Identity Manager product of Oracle Fusion Middleware (component: End User Self Service). Supported versions that are aEPSS 0.3%CVE-2026-34309HIGHVulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Security). Supported versions that are affeEPSS 0.3%CVE-2025-56499MEDIUMIncorrect access control in mihomo v1.19.11 allows authenticated attackers with low-level privileges to read arbitrary files with elevated pEPSS 0.3%