Weaknesses of type CWE-284
4,449 resultsCVE-2026-24904MEDIUMTrustTunnel has `client_random_prefix` rule bypass via fragmented or partial TLS ClientHelloEPSS 0.3%CVE-2021-34724MEDIUMCisco IOS XE SD-WAN Software Privilege Escalation VulnerabilityEPSS 0.3%CVE-2026-6489MEDIUMQueryMine sms Background Management addteacher.php unrestricted uploadEPSS 0.3%CVE-2025-25585HIGHIncorrect access control in the component /config/WebSecurityConfig.java of yimioa before v2024.07.04 allows unauthorized attackers to arbitEPSS 0.3%CVE-2025-63214MEDIUMAn issue was discovered in bridgetech VBC Server & Element Manager, firmware version 6.5.0-10 , 6.5.0-9, allowing unauthorized attackers to EPSS 0.3%CVE-2025-53111MEDIUMGLPI exposes data to non-allowed usersEPSS 0.3%CVE-2025-7106MEDIUMAuthorization Bypass due to Incorrect Access Control in danny-avila/librechatEPSS 0.3%CVE-2026-13933MEDIUMInsufficient policy enforcement in Passwords in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the rendeEPSS 0.3%CVE-2026-32138HIGHNEXULEAN API Key LeakEPSS 0.3%CVE-2023-21427MEDIUMImproper access control vulnerability in NfcTile prior to SMR Jan-2023 Release 1 allows to attacker to use NFC without user recognition.EPSS 0.3%CVE-2026-26183HIGHRemote Access Management service/API (RPC server) Elevation of Privilege VulnerabilityEPSS 0.3%CVE-2026-48928MEDIUMA inconsistency in Node.js hostname matching can cause a trust-policy bypass in multi-context mTLS setups.
This vulnerability affects allEPSS 0.3%CVE-2023-27879MEDIUMImproper access control in firmware for some Intel(R) Optane(TM) SSD products may allow an unauthenticated user to potentially enable informEPSS 0.3%CVE-2024-46948MEDIUMNorthern.tech Mender before 3.6.5 and 3.7.x before 3.7.5 has Incorrect Access Control.EPSS 0.3%CVE-2025-64064HIGHPrimakon Pi Portal 1.0.18 /api/v2/pp_users endpoint fails to adequately check user permissions before processing a PATCH request to modify tEPSS 0.3%CVE-2026-4026HIGHFlexNet Manager Suite Privilege Escalation VulnerabilityEPSS 0.3%CVE-2025-7051HIGHN-central Syslog Configuration Insecure Direct Object ReferenceEPSS 0.3%CVE-2026-30994HIGHIncorrect access control in the config.php component of Slah v1.5.0 and below allows unauthenticated attackers to access sensitive informatiEPSS 0.3%CVE-2024-44914MEDIUMAn issue in the component EXR!ReadEXR+0x3df50 of Irfanview v4.67.1.0 allows attackers to cause an access violation via a crafted EXR file. TEPSS 0.3%CVE-2026-13931MEDIUMInappropriate implementation in Media in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who had compromised the rEPSS 0.3%