Weaknesses of type CWE-284
4,453 resultsCVE-2026-7578MEDIUMMacCMS Pro Plugin Installation add.html install unrestricted uploadEPSS 0.2%CVE-2026-45296HIGHOpenReplay: Cross-tenant information disclosure in app_apikey projectKey routes via missing tenant bindingEPSS 0.2%CVE-2026-40889MEDIUMFrappe HR has Improper Access Control on FilesEPSS 0.2%CVE-2024-42796MEDIUMAn Incorrect Access Control vulnerability was found in /music/ajax.php?action=delete_genre in Kashipara Music Management System v1.0. This vEPSS 0.2%CVE-2021-42029—A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) V15 (All versions), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 UEPSS 0.2%CVE-2023-52375MEDIUMPermission control vulnerability in the WindowManagerServices module.Successful exploitation of this vulnerability may affect availability.EPSS 0.2%CVE-2025-59422MEDIUMDify Has Broken Access Control on Log Message Endpoint Allows Reading of Chats of OthersEPSS 0.2%CVE-2024-32045MEDIUMPlaybook run link to private channel grants channel accessEPSS 0.2%CVE-2023-21438LOWImproper logic in HomeScreen prior to SMR Feb-2023 Release 1 allows physical attacker to access App preview protected by Secure Folder.EPSS 0.2%CVE-2025-54970MEDIUMAn issue was discovered in BAE SOCET GXP before 4.6.0.2. The SOCET GXP Job Status Service fails to authenticate requests. In some configuratEPSS 0.2%CVE-2025-46308MEDIUMAn authorization issue was addressed with improved state management. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. AnEPSS 0.2%CVE-2025-13804MEDIUMnutzam NutzBoot Ethereum Wallet EthModule.java information disclosureEPSS 0.2%CVE-2025-50850HIGHAn issue was discovered in CS Cart 4.18.3 allows the vendor login functionality lacks essential security controls such as CAPTCHA verificatiEPSS 0.2%CVE-2021-32002MEDIUMSiteManager troubleshooter allows access without authentication from local networkEPSS 0.2%CVE-2026-47200MEDIUMNuxt: Route middleware not enforced when rendering `.server.vue` pages via `/__nuxt_island/page_*`EPSS 0.2%CVE-2020-4107HIGHHCL Domino is affected by an Insufficient Access Control vulnerabilityEPSS 0.2%CVE-2025-2350MEDIUMIROAD Dash Cam FX2 upload_file unrestricted uploadEPSS 0.2%CVE-2021-25405—An improper access control vulnerability in ScreenOffActivity in Samsung Notes prior to version 4.2.04.27 allows untrusted applications to aEPSS 0.2%CVE-2024-23266MEDIUMThe issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7.4, macOS Sonoma 14.4, macOS Ventura 13.6.5. An app EPSS 0.2%CVE-2025-45157MEDIUMInsecure permissions in Splashin iOS v2.0 allow unauthorized attackers to access location data for specific users.EPSS 0.2%