Weaknesses of type CWE-284

4,454 results
CVE-2026-9604MEDIUMJeecgBoot AiragModelController access controlEPSS 0.2%CVE-2025-57219MEDIUMIncorrect access control in the endpoint /goform/ate of Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 allows attackers to escalate priviEPSS 0.2%CVE-2021-1583MEDIUMCisco Nexus 9000 Series Fabric Switches ACI Mode Arbitrary File Read VulnerabilityEPSS 0.2%CVE-2026-42832HIGHMicrosoft Office Spoofing VulnerabilityEPSS 0.2%CVE-2025-36351MEDIUMIBM License Metric Tool bypass securityEPSS 0.2%CVE-2025-47221MEDIUMAn arbitrary file write was found in Keyfactor SignServer versions prior to 7.3.2. The properties ARCHIVETODISK_FILENAME-PATTERN, ARCHIVETODEPSS 0.2%CVE-2025-50434MEDIUMA security issue has been identified in Appian Enterprise Business Process Management version 25.3. The vulnerability is related to incorrecEPSS 0.2%CVE-2025-14338HIGHPolkit authentication dis isabled by default in inputplumberEPSS 0.2%CVE-2026-34314MEDIUMVulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (comEPSS 0.2%CVE-2022-36088MEDIUMGoCD Windows installations outside default location inadequately restrict installation file permissionsEPSS 0.2%CVE-2026-32214MEDIUMUniversal Plug and Play (upnp.dll) Information Disclosure VulnerabilityEPSS 0.2%CVE-2025-20324MEDIUMImproper Access Control in System Source Types Configuration in Splunk EnterpriseEPSS 0.2%CVE-2023-21969MEDIUMVulnerability in Oracle SQL Developer (component: Installation). Supported versions that are affected are Prior to 23.1.0. Easily exploitabEPSS 0.2%CVE-2026-33212LOWWeblate: Improper access control for pending tasks in APIEPSS 0.2%CVE-2024-42406MEDIUMUnauthorized access on archived channelsEPSS 0.2%CVE-2026-33103MEDIUMMicrosoft Dynamics 365 (On-Premises) Information Disclosure VulnerabilityEPSS 0.2%CVE-2026-14052MEDIUMInsufficient policy enforcement in FileSystem in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass discretionary acceEPSS 0.2%CVE-2026-14061MEDIUMInappropriate implementation in Dawn in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive inforEPSS 0.2%CVE-2026-14035MEDIUMInsufficient policy enforcement in Bluetooth in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitiEPSS 0.2%CVE-2026-2852MEDIUMyeqifu warehouse Sales Endpoint SalesController.java deleteSales access controlEPSS 0.2%