Weaknesses of type CWE-284

4,456 results
CVE-2025-5962HIGHRhel-lightspeed: improper access control in lightspeed history management allows local privilege manipulationEPSS 0.2%CVE-2026-3796MEDIUMQi-ANXIN QAX Virus Removal Mini Filter Driver QKSecureIO_Imp.sys ZwTerminateProcess access controlEPSS 0.2%CVE-2021-25463MEDIUMImproper access control vulnerability in PENUP prior to version 3.8.00.18 allows arbitrary webpage loading in webview.EPSS 0.2%CVE-2024-43031MEDIUMautMan v2.9.6 was discovered to contain an access control issue.EPSS 0.2%CVE-2026-7862HIGHEupago Gateway For Woocommerce < 4.7.2 - Unauthenticated Arbitrary Refund InitiationEPSS 0.2%CVE-2025-29557MEDIUMExaGrid EX10 6.3 - 7.0.1.P08 is vulnerable to Incorrect Access Control in the MailConfiguration API endpoint, where users with operator-leveEPSS 0.2%CVE-2026-13544MEDIUMFeehi CMS API users access controlEPSS 0.2%CVE-2026-14775MEDIUMSourceCodester Onlne Examination & Learning Management System process_lesson.php unrestricted uploadEPSS 0.2%CVE-2025-61881MEDIUMVulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.28, 21.3-21.19 and 23.4EPSS 0.2%CVE-2026-14777MEDIUMSourceCodester Onlne Examination & Learning Management System announcements.php unrestricted uploadEPSS 0.2%CVE-2026-11326MEDIUMOpenAI Atlas before 1.2025.288.15 exposed privileged browser APIs to web content on *.openai.com origins. A cross-site scripting vulnerabiliEPSS 0.2%CVE-2025-11716MEDIUMSandboxed iframes allowed links to open in external apps (Android only)EPSS 0.2%CVE-2025-54871MEDIUMElectron Capture is Vulnerable to TCC Bypass via Misconfigured Node Fuses (macOS)EPSS 0.2%CVE-2025-13249MEDIUMJiusi OA OfficeServer unrestricted uploadEPSS 0.2%CVE-2026-1009CRITICALStored Cross-Site Scripting in Altium Live Forum Leading to Cross-Customer Data ExposureEPSS 0.2%CVE-2026-14776MEDIUMSourceCodester Onlne Examination & Learning Management System Filename Extension upload_files.php pathinfo unrestricted uploadEPSS 0.2%CVE-2026-11333MEDIUMtittuvarghese CollegeManagementSystem Student Data Upload Endpoint upload_student_data.php unrestricted uploadEPSS 0.2%CVE-2026-11277MEDIUMInsufficient policy enforcement in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to bypass discretEPSS 0.2%CVE-2025-53060MEDIUMVulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are EPSS 0.2%CVE-2025-53041MEDIUMVulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Shopping Cart). Supported versions that are affected are EPSS 0.2%