Weaknesses of type CWE-284
4,457 resultsCVE-2022-20358HIGHIn startSync of AbstractThreadedSyncAdapter.java, there is a possible way to access protected content of content providers due to a missing EPSS 0.2%CVE-2026-11302MEDIUMInsufficient policy enforcement in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to bypass discretEPSS 0.2%CVE-2026-34283MEDIUMVulnerability in the Oracle Identity Manager product of Oracle Fusion Middleware (component: Identity Console). Supported versions that areEPSS 0.2%CVE-2026-34269MEDIUMVulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Supported versions that are affectEPSS 0.2%CVE-2026-34274MEDIUMVulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: User Interface). Supported versions that are affectEPSS 0.2%CVE-2026-34284MEDIUMVulnerability in the Oracle Business Process Management Suite product of Oracle Fusion Middleware (component: Human workflow 11g+). SupportEPSS 0.2%CVE-2025-43498MEDIUMAn authorization issue was addressed with improved state management. This issue is fixed in iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, EPSS 0.2%CVE-2025-64400MEDIUMInsufficient permission checks when pre-enrolling users SummaryEPSS 0.2%CVE-2022-36864MEDIUMImproper access control and intent redirection in Samsung Email prior to 6.1.70.20 allows attacker to access specific formatted file and exeEPSS 0.2%CVE-2022-41690HIGHImproper access control in the Intel(R) Retail Edge Mobile iOS application before version 3.4.7 may allow an authenticated user to potentialEPSS 0.2%CVE-2025-63562MEDIUMSummer Pearl Group Vacation Rental Management Platform prior to v1.0.2 suffers from insufficient server-side authorization. Authenticated atEPSS 0.2%CVE-2025-24516MEDIUMImproper access control for some Intel(R) CIP software before version WIN_DCA_2.4.0.11001 within Ring 3: User Applications may allow an infoEPSS 0.2%CVE-2025-54561MEDIUMAn Incorrect Access Control vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which aEPSS 0.2%CVE-2023-2112LOWDesktop component allows lateral movement between sessionsEPSS 0.2%CVE-2025-43337MEDIUMAn access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.7.2, macOS Tahoe 26. An app may EPSS 0.2%CVE-2024-49600HIGHDell Power Manager (DPM), versions prior to 3.17, contain an improper access control vulnerability. A low privileged attacker with local accEPSS 0.2%CVE-2026-41243MEDIUMOpenLearn's pending forum posts remain publicly readable by direct ID when moderation mode is enabledEPSS 0.2%CVE-2023-28715MEDIUMImproper access control in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.2 may allow an authenticated usEPSS 0.2%CVE-2025-11634LOWTomofun Furbo 360/Furbo Mini UART information disclosureEPSS 0.2%CVE-2025-59308MEDIUMIn Mahara before 24.04.10 and 25 before 25.04.1, an institution administrator or institution support administrator on a multi-tenanted site EPSS 0.2%