Weaknesses of type CWE-284
4,454 resultsCVE-2026-14035MEDIUMInsufficient policy enforcement in Bluetooth in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitiEPSS 0.2%CVE-2026-14061MEDIUMInappropriate implementation in Dawn in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive inforEPSS 0.2%CVE-2025-11901HIGHAn uncontrolled resource consumption vulnerability affects certain ASUS motherboards using Intel B460, B560, B660, B760, H410, H510, H610, EPSS 0.2%CVE-2024-32939MEDIUMEmail addresses of remote users visible in props regardless of server settingsEPSS 0.2%CVE-2026-11464LOWJeecgBoot User List Endpoint SysUserController.java queryPageList information disclosureEPSS 0.2%CVE-2025-53064MEDIUMVulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Personalization). Supported versions thatEPSS 0.2%CVE-2026-2849MEDIUMyeqifu warehouse Cache Sync CacheController.java syncCache access controlEPSS 0.2%CVE-2025-53071MEDIUMVulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Upload Attachments). Supported versions tEPSS 0.2%CVE-2021-4016MEDIUMRapid7 Insight Agent Improper Access ControlEPSS 0.2%CVE-2025-30759MEDIUMVulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Platform Security). Supported EPSS 0.2%CVE-2023-43086HIGH
Dell Command | Configure, versions prior to 4.11.0, contains an improper access control vulnerability. A local malicious user could potentiEPSS 0.2%CVE-2026-40381HIGHAzure Connected Machine Agent Elevation of Privilege VulnerabilityEPSS 0.2%CVE-2025-11163MEDIUMSmartCrawl SEO checker, analyzer & optimizer <= 3.14.3 - Missing Authorization to Plugin Settings UpdateEPSS 0.2%CVE-2021-22682—Cscape (All versions prior to 9.90 SP4) is configured by default to be installed for all users, which allows full permissions, including reaEPSS 0.2%CVE-2026-4586MEDIUMCodePhiliaX Chat2DB JDBC Driver Upload JdbcDriverController.java upload unrestricted uploadEPSS 0.2%CVE-2026-6312LOWInsufficient policy enforcement in Passwords in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the rendEPSS 0.2%CVE-2023-24485HIGHPrivilege Escalation on the system running a vulnerable version of Citrix Workspace app for WindowsEPSS 0.2%CVE-2026-7133MEDIUMcode-projects Online Lot Reservation System activity.php unrestricted uploadEPSS 0.2%CVE-2026-11621MEDIUMDcat-Admin User Setting upload editorMDUpload unrestricted uploadEPSS 0.2%CVE-2023-34403MEDIUMMercedes-Benz head-unit NTG6 has Ethernet pins on Base Board to connect module CSB. Attacker can connect to this pins and get access to inteEPSS 0.2%