Weaknesses of type CWE-284
4,453 resultsCVE-2025-24218MEDIUMA privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.4. An app may beEPSS 0.2%CVE-2022-40964HIGHImproper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow a privileged user to potentially enablEPSS 0.2%CVE-2026-34912MEDIUMA missing access control check when linking banners or campaigns to a zone through the zone-include.php script of Revive Adserver 6.0.6 and EPSS 0.2%CVE-2024-5331MEDIUMBreakdance <= 1.7.2 - Missing AuthorizationEPSS 0.2%CVE-2025-69221MEDIUMLibreChat has Insufficient Access Control for Agent Permission QueriesEPSS 0.2%CVE-2026-34913MEDIUMA missing access control check when linking trackers to campaigns through the campaign-trackers.php script of Revive Adserver 6.0.6 and earlEPSS 0.2%CVE-2025-67715MEDIUMWeblate has Systematic User and Project Enumeration via Broken Authorization in REST API (IDOR)EPSS 0.2%CVE-2026-40904HIGHChartbrew: Incorrect Access Control in dataset and dataRequest routes via team-scoped permission checksEPSS 0.2%CVE-2026-14034MEDIUMInappropriate implementation in WebXR in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to bypass navigation restEPSS 0.2%CVE-2026-48899MEDIUMJoomla! Core - [20260515] - Incorrect Access Control in sample data pluginsEPSS 0.2%CVE-2026-41270HIGHFlowise: SSRF Protection Bypass via Unprotected Built-in HTTP Modules in Custom Function SandboxEPSS 0.2%CVE-2024-0373MEDIUMViews for WPForms <= 3.2.2 - Cross-Site Request Forgery via save_viewEPSS 0.2%CVE-2025-60354HIGHUnauthorized modification of arbitrary articles vulnerability exists in blog-vue-springboot.EPSS 0.2%CVE-2025-54343CRITICALAn Incorrect Access Control vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 exploitEPSS 0.2%CVE-2026-42177MEDIUMlinux-entra-sso: PRT SSO cookie can leak to attacker-controlled hosts when broad host permissions are grantedEPSS 0.2%CVE-2025-2557MEDIUMAudi UTR Dashcam Command API access controlEPSS 0.2%CVE-2024-0374MEDIUMViews for WPForms <= 3.2.2 - Cross-Site Request Forgery via create_viewEPSS 0.2%CVE-2025-12344MEDIUMYonyou U8 Cloud Request Header NCloudGatewayServlet unrestricted uploadEPSS 0.2%CVE-2025-24885HIGHpwn.college has a XSS on dojo pagesEPSS 0.2%CVE-2025-53028HIGHVulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.EPSS 0.2%