Weaknesses of type CWE-284

4,453 results
CVE-2025-53028HIGHVulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.EPSS 0.2%CVE-2024-36293MEDIUMImproper access control in the EDECCSSA user leaf function for some Intel(R) Processors with Intel(R) SGX may allow an authenticated user toEPSS 0.2%CVE-2024-40586MEDIUMAn Improper Access Control vulnerability [CWE-284] in FortiClient Windows version 7.4.0, version 7.2.6 and below, version 7.0.13 and below mEPSS 0.2%CVE-2025-24885HIGHpwn.college has a XSS on dojo pagesEPSS 0.2%CVE-2026-2183MEDIUMGreat Developers Certificate Generation System csv.php unrestricted uploadEPSS 0.2%CVE-2025-51627MEDIUMIncorrect access control in CaricaVerbale in Agenzia Impresa Eccobook v2.81.1 allows authenticated attackers with low-level access to escalaEPSS 0.2%CVE-2025-13198MEDIUMDouPHP file.class.php unrestricted uploadEPSS 0.2%CVE-2026-28415MEDIUMGradio has Open Redirect in OAuth FlowEPSS 0.2%CVE-2026-55114HIGHA malicious actor with access to the network and low privileges could exploit an Improper Access Control vulnerability found in UniFi NetworEPSS 0.2%CVE-2026-39169HIGHSEMCMS 5.0 is vulnerable to unauthorized access in SEMCMS_copy.php.EPSS 0.2%CVE-2022-21813MEDIUMNVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel driver, where improper handling of insufficient permissions or prEPSS 0.2%CVE-2026-40888MEDIUMFrappe HR vulnerable to Improper Access ControlEPSS 0.2%CVE-2026-35570HIGHOpenClaude has Sandbox Bypass via Early-Exit Logic Flaw that Allows Path TraversalEPSS 0.2%CVE-2025-25683MEDIUMAlekSIS-Core is vulnerable to Incorrect Access Control. Unauthenticated users can access all PDF files. This affects AlekSIS-Core 3.0, 3.1, EPSS 0.2%CVE-2026-7578MEDIUMMacCMS Pro Plugin Installation add.html install unrestricted uploadEPSS 0.2%CVE-2019-3653MEDIUMESConfig Tool access not controlledEPSS 0.2%CVE-2026-45296HIGHOpenReplay: Cross-tenant information disclosure in app_apikey projectKey routes via missing tenant bindingEPSS 0.2%CVE-2024-42796MEDIUMAn Incorrect Access Control vulnerability was found in /music/ajax.php?action=delete_genre in Kashipara Music Management System v1.0. This vEPSS 0.2%CVE-2026-40889MEDIUMFrappe HR has Improper Access Control on FilesEPSS 0.2%CVE-2022-25824MEDIUMImproper access control vulnerability in BixbyTouch prior to version 2.2.00.6 in China models allows untrusted applications to load arbitrarEPSS 0.2%