Weaknesses of type CWE-284

4,456 results
CVE-2026-30859MEDIUMWeKnora: Broken Access Control - Cross-Tenant Data ExposureEPSS 0.2%CVE-2026-11277MEDIUMInsufficient policy enforcement in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to bypass discretEPSS 0.2%CVE-2025-53058MEDIUMVulnerability in the Oracle Applications Manager product of Oracle E-Business Suite (component: Application Logging Interfaces). Supported EPSS 0.2%CVE-2025-3768MEDIUMImproper access control in Tor network blocking feature in Devolutions Server 2025.1.10.0 and earlier allows an authenticated user to bypassEPSS 0.2%CVE-2025-53060MEDIUMVulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are EPSS 0.2%CVE-2024-23238HIGHAn access issue was addressed with improved access restrictions. This issue is fixed in macOS Sonoma 14.4. An app may be able to edit NVRAM EPSS 0.2%CVE-2025-63739MEDIUMAn issue was discovered in function phpinisaveAction in file webmain/system/cogini/coginiAction.php in Xinhu Rainrock RockOA 2.7.0 allowing EPSS 0.2%CVE-2023-42853MEDIUMA logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. An EPSS 0.2%CVE-2026-40420HIGHMicrosoft Office Click-To-Run Elevation of Privilege VulnerabilityEPSS 0.2%CVE-2023-33872MEDIUMImproper access control in the Intel Support android application all verions may allow an authenticated user to potentially enable informatiEPSS 0.2%CVE-2022-32918MEDIUMThis issue was addressed with improved data protection. This issue is fixed in iOS 16, macOS Ventura 13. An app may be able to bypass PrivacEPSS 0.2%CVE-2025-67259MEDIUMA Broken Access Control vulnerability exists in ClassroomIO v0.1.13 where an authenticated low-privileged "student" user can access unauthorEPSS 0.2%CVE-2021-25749HIGHrunAsNonRoot logic bypass for Windows containersEPSS 0.2%CVE-2024-32044MEDIUMImproper access control for some Intel(R) Arc(TM) Pro Graphics for Windows drivers before version 31.0.101.5319 may allow an authenticated uEPSS 0.2%CVE-2023-43748HIGHImproper access control in some Intel(R) GPA Framework software installers before version 2023.3 may allow an authenticated user to potentiaEPSS 0.2%CVE-2026-35162MEDIUMDell PowerFlex Manager, version(s) prior to 5.1.0.1, contain(s) an Improper Access Control vulnerability. A low privileged attacker with remEPSS 0.2%CVE-2026-31815MEDIUMdjango-unicorn affected by component state manipulation via unvalidated attribute accessEPSS 0.2%CVE-2025-30760MEDIUMVulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are EPSS 0.2%CVE-2026-14155MEDIUMInsufficient policy enforcement in StorageAccessAPI in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin dEPSS 0.2%CVE-2023-21518MEDIUMImproper access control vulnerability in SearchWidget prior to version 3.3 in China models allows untrusted applications to start arbitrary EPSS 0.2%