Weaknesses of type CWE-284
4,447 resultsCVE-2025-46175HIGHRuoyi v4.8.0 is vulnerable to Incorrect Access Control. There is a missing checkUserDataScope permission check in the authRole method of SysEPSS 0.3%CVE-2025-45081HIGHMisconfigured settings in IITB SSO v1.1.0 allow attackers to access sensitive application data.EPSS 0.3%CVE-2026-22754HIGHervlet Path Not Correctly Included in Path Matching of XML Authorization RulesEPSS 0.3%CVE-2025-0742MEDIUMImproper Access Control vulnerability in EmbedAIEPSS 0.3%CVE-2023-38296HIGHVarious software builds for the following TCL 30Z and TCL A3X devices leak the ICCID to a system property that can be accessed by any local EPSS 0.3%CVE-2026-37100MEDIUMAn issue in the Bluetooth Low Energy (BLE) control interface of the Yamaha SR-B30A sound bar firmware 2.40 (Mobile App: Sound Bar Remote / vEPSS 0.3%CVE-2025-4768MEDIUMfeng_ha_ha/megagao ssm-erp/production_ssm PictureServiceImpl.java uploadPicture unrestricted uploadEPSS 0.3%CVE-2025-44178MEDIUMDASAN GPON ONU H660WM H660WMR210825 is susceptible to improper access control under its default settings. Attackers can exploit this vulneraEPSS 0.3%CVE-2026-1898MEDIUMWeKan LDAP User Sync syncUser.js SyncLDAPBleed access controlEPSS 0.3%CVE-2025-46174HIGHRuoyi v4.8.0 vulnerable to Incorrect Access Control. There is a missing checkUserDataScope permission check in the resetPwd Method of SysUseEPSS 0.3%CVE-2021-1449MEDIUMCisco Access Point Software Arbitrary Code Execution VulnerabilityEPSS 0.3%CVE-2026-23496MEDIUMPimcore Web2Print Tools Bundle "Favourite Output Channel Configuration" Missing Function Level AuthorizationEPSS 0.3%CVE-2026-49823HIGHFission: Cross-namespace Package read via unvalidated PackageRef in Function admission webhookEPSS 0.3%CVE-2025-0744HIGHImproper Access Control vulnerability in EmbedAIEPSS 0.3%CVE-2025-14977HIGHDokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy <= 4.2.4 - Insecure Direct Object Reference to PayPal Account Takeover and Sensitive Information DisclosureEPSS 0.3%CVE-2026-27708HIGHFOSSBilling: IDOR in Servicecustom Client API allows cross-client data accessEPSS 0.3%CVE-2026-32038CRITICALOpenClaw - Sandbox Network Isolation Bypass via docker.network=container ParameterEPSS 0.3%CVE-2025-47222MEDIUMA class name enumeration was found in Keyfactor SignServer versions prior to 7.3.2. Setting any chosen class name to any of the properties rEPSS 0.3%CVE-2025-59697HIGHEntrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker to escalate privileEPSS 0.3%CVE-2025-59702HIGHEntrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker with elevated priviEPSS 0.3%