Weaknesses of type CWE-284

4,451 results
CVE-2025-63664HIGHIncorrect access control in the /api/v1/conversations/*/messages API of GT Edge AI Platform before v2.0.10-dev allows unauthorized attackersEPSS 0.2%CVE-2026-34302MEDIUMVulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Workflow Loader). Supported versions that are affected EPSS 0.2%CVE-2025-11406MEDIUMkaifangqian kaifangqian-base SysUserController.java getAllUsers information disclosureEPSS 0.2%CVE-2025-54338HIGHAn Incorrect Access Control vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which aEPSS 0.2%CVE-2026-44478HIGHhoppscotch: Unauthenticated Onboarding Config Disclosure via Empty Recovery TokenEPSS 0.2%CVE-2026-28833MEDIUMA permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS EPSS 0.2%CVE-2024-28115HIGHPrivilege Escalation in FreeRTOS Kernel ARMv7-M MPU ports and ARMv8-M ports with MPU support enabledEPSS 0.2%CVE-2023-24215CRITICALIncorrect access control in the /uci/get/ endpoint of NOVUS AirGate 4G firmware v1.1.16 allows unauthenticated attackers to obtain administrEPSS 0.2%CVE-2025-70363HIGHIncorrect access control in the REST API of Ibexa & Ciril GROUP eZ Platform / Ciril Platform 2.x allows unauthenticated attackers to access EPSS 0.2%CVE-2026-49161HIGHMicrosoft PC Manager Security Feature Bypass VulnerabilityEPSS 0.2%CVE-2022-28778MEDIUMImproper access control vulnerability in Samsung Security Supporter prior to version 1.2.40.0 allows attacker to set the arbitrary folder asEPSS 0.2%CVE-2024-46539HIGHInsecure permissions in the Bluetooth Low Energy (BLE) component of Fire-Boltt Artillery Smart Watch NJ-R6E-10.3 allow attackers to cause a EPSS 0.2%CVE-2021-22907An improper access control vulnerability exists in Citrix Workspace App for Windows potentially allows privilege escalation in CR versions pEPSS 0.2%CVE-2026-47279MEDIUMNocoDB: Hidden LTAR Column Exposure in Public Shared-View Relation EndpointsEPSS 0.2%CVE-2026-44341MEDIUMGoJobs: Insecure Direct Object Reference (IDOR) in Job Retrieval EndpointEPSS 0.2%CVE-2025-10669MEDIUMAirsonic-Advanced Playlist Upload unrestricted uploadEPSS 0.2%CVE-2026-2206MEDIUMWeKan Administrative Repair fixDuplicateLists.js FixDuplicateBleed access controlEPSS 0.2%CVE-2025-10755MEDIUMSelleo Mentingo Content-Type unrestricted uploadEPSS 0.2%CVE-2023-20237MEDIUMA vulnerability in Cisco Intersight Virtual Appliance could allow an unauthenticated, adjacent attacker to access internal HTTP services thaEPSS 0.2%CVE-2025-27215HIGHAn Improper Access Control could allow a malicious actor authenticated in the API of certain UniFi Connect Display Cast devices to make unsuEPSS 0.2%