Weaknesses of type CWE-284

4,457 results
CVE-2026-9223MEDIUMMissing authorization in the vault import feature in Devolutions Server  2026.1.16.0 and earlier allows a low-privileged authenticated user EPSS 0.2%CVE-2026-11187MEDIUMInappropriate implementation in Glic in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions viaEPSS 0.2%CVE-2025-47792MEDIUMNextcloud Desktop 3rdparty applications can create share links via socket APIEPSS 0.2%CVE-2026-35232MEDIUMVulnerability in Oracle Fusion Middleware (component: Dynamic Monitoring Service). Supported versions that are affected are 12.2.1.4.0 and EPSS 0.2%CVE-2026-46848HIGHVulnerability in the WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 14.EPSS 0.2%CVE-2026-20203MEDIUMImproper Access Control in Data Model Acceleration in Splunk EnterpriseEPSS 0.2%CVE-2026-22019MEDIUMVulnerability in the PeopleSoft Enterprise HCM Shared Components product of Oracle PeopleSoft (component: Person Search). The supported veEPSS 0.2%CVE-2023-42969LOWAn app may be able to break out of its sandbox. This issue is fixed in iOS 17 and iPadOS 17, iOS 16.7 and iPadOS 16.7, macOS Sonoma 14, macOEPSS 0.2%CVE-2022-39875MEDIUMImproper component protection vulnerability in Samsung Account prior to version 13.5.0 allows attackers to unauthorized logout.EPSS 0.2%CVE-2023-22618HIGHIf Security Hardening guide rules are not followed, then Nokia WaveLite products allow a local user to create new users with administrative EPSS 0.2%CVE-2023-21442MEDIUMImproper access control vulnerability in Runestone application prior to version 2.9.09.003 in Android R(11) and 3.2.01.007 in Android S(12) EPSS 0.2%CVE-2023-21495MEDIUMImproper access control vulnerability in Knox Enrollment Service prior to SMR May-2023 Release 1 allow attacker install KSP app when device EPSS 0.2%CVE-2026-28218MEDIUMDiscourse's Fail-Open Access Control in Data Explorer Plugin Allows Unauthorized SQL Query ExecutionEPSS 0.2%CVE-2023-26596LOWImproper access control in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentEPSS 0.2%CVE-2023-21493MEDIUMImproper access control vulnerability in SemShareFileProvider prior to SMR May-2023 Release 1 allows local attackers to access protected datEPSS 0.2%CVE-2024-6364MEDIUMServer Identity Validation Bypass in Absolute Persistence®EPSS 0.1%CVE-2026-56823MEDIUMAutoGPT: IDOR in Webhook Ping Endpoint Allows Enumeration and Cross-User Ping TriggeringEPSS 0.1%CVE-2026-46768MEDIUMVulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: VMSVGA device). The supported version that is affecEPSS 0.1%CVE-2025-25225MEDIUMExtension - hikashop.com - Privilege escalation vulnerability Hikashop component version 1.0.0 - 5.1.3 for JoomlaEPSS 0.1%CVE-2026-35067MEDIUMDell PowerFlex Manager, version(s) prior to 5.1.0.1, contain(s) an Improper Access Control vulnerability. A low privileged attacker with adjEPSS 0.1%