Weaknesses of type CWE-284
4,454 resultsCVE-2026-7133MEDIUMcode-projects Online Lot Reservation System activity.php unrestricted uploadEPSS 0.2%CVE-2026-34298MEDIUMVulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Personalization). Supported versions thatEPSS 0.2%CVE-2023-27517MEDIUMImproper access control in some Intel(R) Optane(TM) PMem software before versions 01.00.00.3547, 02.00.00.3915, 03.00.00.0483 may allow an aEPSS 0.2%CVE-2023-34403MEDIUMMercedes-Benz head-unit NTG6 has Ethernet pins on Base Board to connect module CSB. Attacker can connect to this pins and get access to inteEPSS 0.2%CVE-2025-67437MEDIUMMedical Management System a81df1ce700a9662cb136b27af47f4cbde64156b is vulnerable to Insecure Permissions, which allows arbitrary user passwoEPSS 0.2%CVE-2022-24923MEDIUMImproper access control vulnerability in Samsung SearchWidget prior to versions 2.3.00.6 in China models allows untrusted applications to loEPSS 0.2%CVE-2026-7134MEDIUMcode-projects Online Lot Reservation System edithousepic.php unrestricted uploadEPSS 0.2%CVE-2025-27093MEDIUMSliver does not restricted traffic between Wireguard clients.EPSS 0.2%CVE-2022-40207HIGHImproper access control in the Intel(R) SUR software before version 2.4.8989 may allow an authenticated user to potentially enable escalatioEPSS 0.2%CVE-2026-5881MEDIUMPolicy bypass in LocalNetworkAccess in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass navigation restrictions via EPSS 0.2%CVE-2025-15141LOWHalo Configuration actuator information disclosureEPSS 0.2%CVE-2025-4962HIGHIDOR Vulnerability in Template Creation via `projectId` Manipulation in lunary-ai/lunaryEPSS 0.2%CVE-2026-11193MEDIUMInsufficient policy enforcement in Password Manager in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass discretionarEPSS 0.2%CVE-2025-68716HIGHKAYSUS KS-WR3600 routers with firmware 1.0.5.9.1 enable the SSH service enabled by default on the LAN interface. The root account is configuEPSS 0.2%CVE-2025-32376MEDIUMDiscourse DM limits aren’t always properly enforcedEPSS 0.2%CVE-2026-46828HIGHVulnerability in the Oracle Payroll product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affectEPSS 0.2%CVE-2023-34469MEDIUMCold Rest VulnerabiltiyEPSS 0.2%CVE-2025-5962HIGHRhel-lightspeed: improper access control in lightspeed history management allows local privilege manipulationEPSS 0.2%CVE-2022-36396HIGHImproper access control in some Intel(R) Aptio* V UEFI Firmware Integrator Tools before version iDmiEdit-Linux-5.27.06.0017 may allow a privEPSS 0.2%CVE-2024-43031MEDIUMautMan v2.9.6 was discovered to contain an access control issue.EPSS 0.2%