Weaknesses of type CWE-284
4,448 resultsCVE-2025-59702HIGHEntrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker with elevated priviEPSS 0.3%CVE-2026-46824CRITICALVulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite (component: Work Provider Site Level Administration). SEPSS 0.3%CVE-2025-66028MEDIUMOneUptime is Vulnerable to Privilege Escalation via Login Response ManipulationEPSS 0.3%CVE-2026-48610HIGHUnder certain network configurations, a malicious actor with access to network could exploit an Improper Access Control vulnerability found EPSS 0.3%CVE-2026-35402LOWmcp-neo4j-cypher: SSRF and Data Modification via read_only Mode Bypass Through CALL ProceduresEPSS 0.3%CVE-2025-63681MEDIUMopen-webui v0.6.33 is vulnerable to Incorrect Access Control. The API /api/tasks/stop/ directly accesses and cancels tasks without verifyingEPSS 0.3%CVE-2024-0258HIGHThe issue was addressed with improved memory handling. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, watchOEPSS 0.3%CVE-2024-35177HIGHImproper Access Control in wazuh-agentEPSS 0.3%CVE-2025-8515LOWIntelbras InControl JSON Endpoint operador information disclosureEPSS 0.3%CVE-2025-53092MEDIUMStrapi core vulnerable to sensitive data exposure via CORS misconfigurationEPSS 0.3%CVE-2026-13818MEDIUMInappropriate implementation in Passwords in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass navigation restrictionEPSS 0.3%CVE-2026-32720HIGHImproper Access Control in github.com/ctfer-io/monitoringEPSS 0.3%CVE-2026-13953MEDIUMInappropriate implementation in SplitView in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the rendererEPSS 0.3%CVE-2026-46912CRITICALVulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime Security). Supported versions thatEPSS 0.3%CVE-2022-39910LOWImproper access control vulnerability in Samsung Pass prior to version 4.0.06.7 allow physical attackers to access data of Samsung Pass on aEPSS 0.3%CVE-2026-9445MEDIUMSourceCodester Simple POS and Inventory System File Extension addproduct.php unrestricted uploadEPSS 0.3%CVE-2026-46818HIGHVulnerability in the Oracle Payments product of Oracle E-Business Suite (component: File Transmission). Supported versions that are affecteEPSS 0.3%CVE-2026-46871MEDIUMVulnerability in the MySQL Shell product of Oracle MySQL (component: Shell for VS Code). The supported version that is affected is 2026.2.EPSS 0.3%CVE-2025-14522MEDIUMbaowzh hfly upload_json.php unrestricted uploadEPSS 0.3%CVE-2026-34299MEDIUMVulnerability in the PeopleSoft Enterprise FIN Maintenance Management product of Oracle PeopleSoft (component: Work Order Management). TheEPSS 0.3%