Weaknesses of type CWE-284

4,457 results
CVE-2023-21894HIGHVulnerability in the Oracle Global Lifecycle Management NextGen OUI Framework product of Oracle Fusion Middleware (component: NextGen InstalEPSS 0.2%CVE-2026-48617LOWA flaw in Node.js Permission Model enforcement allows Bypass via `process.report.writeReport()` Path Misvalidation. This can lead to confideEPSS 0.2%CVE-2026-44352MEDIUMFlowsint: Broken Access Control allows reading of sketch logs from any userEPSS 0.2%CVE-2026-6313LOWInsufficient policy enforcement in CORS in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer EPSS 0.2%CVE-2024-41308HIGHAn issue in the Ping feature of IT Solutions Enjay CRM OS v1.0 allows attackers to escape the restricted terminal environment and gain root-EPSS 0.2%CVE-2026-4027HIGHFlexNet Manager Suite Attachment File DisclosureEPSS 0.2%CVE-2024-41309HIGHAn issue in the Hardware info module of IT Solutions Enjay CRM OS v1.0 allows attackers to escape the restricted terminal environment and gaEPSS 0.2%CVE-2026-24668MEDIUMOpen eClass Broken Access Control Allows Students to Add Content to Course UnitsEPSS 0.2%CVE-2025-31269MEDIUMA permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.8, macOS Tahoe 26. An app may be ableEPSS 0.2%CVE-2026-40866HIGHHorilla: Unauthorized Document Overwrite via File Upload EndpointEPSS 0.2%CVE-2026-22033HIGHLabel Studio vulnerable to full account takeover by chaining Stored XSS + IDOR in User Profile via custom_hotkeys fieldEPSS 0.2%CVE-2022-34672HIGHNVIDIA Control Panel for Windows contains a vulnerability where an unauthorized user or an unprivileged regular user can compromise the secuEPSS 0.2%CVE-2026-24670MEDIUMOpen eClass Has Broken Access Control in Course Units Module Allows Students to Create UnitsEPSS 0.2%CVE-2025-43241MEDIUMA permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS VenturEPSS 0.2%CVE-2023-38005MEDIUMImproper Access Control and Exposure of Information Through Directory Listing vulnerabilities affect IBM Cloud Pak System[, ]EPSS 0.2%CVE-2026-12212MEDIUMhcengineering Huly Platform RPC operations.ts getMailboxSecret access controlEPSS 0.2%CVE-2026-40867HIGHHorilla: Unauthorized Helpdesk Attachment Access via Attachment ID ManipulationEPSS 0.2%CVE-2025-15415MEDIUMxnx3 wangmarket XML File uploadImage.do uploadImage unrestricted uploadEPSS 0.2%CVE-2023-20065HIGHA vulnerability in the Cisco IOx application hosting subsystem of Cisco IOS XE Software could allow an authenticated, local attacker to elevEPSS 0.2%CVE-2025-9795MEDIUMxujeff tianti 天梯 UploadController.java ajaxUploadFile unrestricted uploadEPSS 0.2%