Weaknesses of type CWE-284
4,430 resultsCVE-2024-1092MEDIUMRSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator <= 4.4.1 - Missing AuthorizationEPSS 0.4%CVE-2025-9398MEDIUMYiFang CMS Migrate.php exportInstallTable information disclosureEPSS 0.4%CVE-2025-45612CRITICALIncorrect access control in xmall v1.1 allows attackers to bypass authentication via a crafted GET request to /index.EPSS 0.4%CVE-2022-23994LOWAn Improper access control vulnerability in StBedtimeModeReceiver in Wear OS 3.0 prior to Firmware update Feb-2022 Release allows untrusted EPSS 0.4%CVE-2025-9842MEDIUMDas Parking Management System 停车场管理系统 Search information disclosureEPSS 0.4%CVE-2025-9843MEDIUMDas Parking Management System 停车场管理系统 FindAll information disclosureEPSS 0.4%CVE-2024-1678MEDIUMSubway – Private Site Option <= 2.1.4 - Improper Access Control to Sensitive Information Exposure via REST APIEPSS 0.4%CVE-2024-41251MEDIUMAn Incorrect Access Control vulnerability was found in /smsa/admin_teacher_register_approval.php and /smsa/admin_teacher_register_approval_sEPSS 0.4%CVE-2026-5569MEDIUMTechnostrobe HI-LED-WR120-G2 Endpoint access controlEPSS 0.4%CVE-2026-21994CRITICALVulnerability in the Oracle Edge Cloud Infrastructure Designer and Visualisation Toolkit product of Oracle Open Source Projects (component: EPSS 0.4%CVE-2025-31698HIGHApache Traffic Server: Client IP address from PROXY protocol is not used for ACLEPSS 0.4%CVE-2025-56406HIGHAn issue was discovered in mcp-neo4j 0.3.0 allowing attackers to obtain sensitive information or execute arbitrary commands via the SSE servEPSS 0.4%CVE-2024-22074CRITICALDynamsoft Service 1.8.1025 through 1.8.2013, 1.7.0330 through 1.7.2531, 1.6.0428 through 1.6.1112, 1.5.0625 through 1.5.3116, 1.4.0618 throuEPSS 0.4%CVE-2025-5131MEDIUMTmall Demo uploadCategoryImage unrestricted uploadEPSS 0.4%CVE-2023-2944MEDIUMImproper Access Control in openemr/openemrEPSS 0.4%CVE-2026-46858CRITICALVulnerability in the APM - Application Performance Management product of Oracle Enterprise Manager (component: JADM, JVM Diagnostics). SuppEPSS 0.4%CVE-2023-2104MEDIUMImproper Access Control in alextselegidis/easyappointmentsEPSS 0.4%CVE-2022-40216MEDIUMWordPress Better Messages plugin <= 1.9.10.69 - Auth. Messaging Block Bypass vulnerabilityEPSS 0.4%CVE-2024-21091MEDIUMVulnerability in the Oracle Agile Product Lifecycle Management for Process product of Oracle Supply Chain (component: Data Import). The suEPSS 0.4%CVE-2025-70866HIGHLavaLite CMS 10.1.0 is vulnerable to Incorrect Access Control. An authenticated user with low-level privileges (User role) can directly acceEPSS 0.4%