By weakness (CWE)

CWE-284: related vulnerabilities

CVEs classified under CWE-284. Understanding the weakness class helps prioritize systemic fixes over one-off patches.

19 published vulnerabilities

  • CVE-2026-35277HIGH 8.1

    Oracle REST Data Services contains a flaw that allows authenticated users with basic network access to read and modify sensitive data they shouldn't be able to access. An attacker with a low-privilege account can exploit this remotely without user interaction, potentially accessing, changing, or deleting critical information across the service. This is a significant risk because it bypasses normal data access controls.

  • CVE-2025-22426HIGH 7.8

    CVE-2025-22426 is a privilege escalation vulnerability in Android's ComputerEngine component that allows a local attacker with basic user-level access to bypass security boundaries and access resources (URIs) belonging to other users on the same device. The flaw stems from a logic error in multiple functions within ComputerEngine.java that fails to properly enforce cross-user access controls. An attacker needs only local access to the device and their own user account—no special permissions or user interaction required—making this a straightforward path to elevated privileges.

  • CVE-2026-40715HIGH 7.8

    Dell ThinOS 10 versions before 2602_10.0765 contain an access control flaw that allows a user with basic system access to gain elevated administrative privileges. An attacker already on the system as a regular user could leverage this vulnerability to take full control, making it a critical privilege escalation risk for any organization relying on ThinOS-based thin clients or endpoints.

  • CVE-2026-32995HIGH 7.5

    Rocket.Chat contains an authentication bypass vulnerability in its direct message protocol (DDP) translation feature. An authenticated user—even without access to specific rooms or channels—can read private messages, direct messages, and end-to-end encrypted messages from other users by exploiting an unprotected DDP method. The flaw stems from insufficient permission checks when a client requests message translation, allowing lateral message enumeration across the entire Rocket.Chat instance.

  • CVE-2026-37235HIGH 7.5

    FlexRIC v2.0.0 contains a critical authentication bypass flaw in its E42 message handler. An attacker on the network can forge requests claiming to be any authorized xApp (a RIC application component) without proving their identity. The system validates only that the claimed xApp ID falls within a valid range, but does not verify that the request actually originated from that xApp. By sending a malicious request with a spoofed xApp ID to the iApp service on port 36422, an attacker can trick the RIC into routing responses to a legitimate xApp, corrupting its internal state and potentially crashing it, the RIC itself, or the iApp.

  • CVE-2026-11017MEDIUM 6.5

    Google Chrome versions before 149.0.7827.53 contain a flaw in how the Link Preview feature handles navigation restrictions. If an attacker first compromises Chrome's renderer process—the component that displays web content—they can craft a malicious HTML page to bypass restrictions that normally prevent unauthorized navigation. The vulnerability requires prior renderer compromise, limiting its immediate attack surface, but it does allow an attacker with that foothold to navigate to restricted locations without proper authorization.

  • CVE-2026-11026MEDIUM 6.5

    Google Chrome versions prior to 149.0.7827.53 contain a flaw in how extensions are handled that allows an attacker to bypass built-in navigation restrictions. The vulnerability requires social engineering—an attacker must trick a user into installing a malicious Chrome extension. Once installed, the extension can circumvent the browser's navigation safeguards, potentially redirecting users to unintended destinations or enabling other attack chains. This is classified as a Medium severity issue by Chromium's security team.

  • CVE-2026-3198MEDIUM 6.5

    MLflow 3.9.0, when deployed with basic authentication enabled, contains an authorization bypass affecting several gateway API endpoints. The application fails to properly verify user permissions before allowing access to sensitive operations that list gateway secrets, endpoints, and model definitions. This means any user who has logged in—even with minimal privileges—can view all gateway configuration data, including API keys and proprietary model information that should be restricted. The vulnerability is confined to the basic-auth deployment mode and affects information disclosure rather than data modification or system availability.

  • CVE-2026-10152MEDIUM 6.3

    A flaw in TaleLin's lin-cms-spring-boot framework (version 0.2.1 and earlier) allows authenticated users to bypass access controls on the book endpoint. An attacker with valid login credentials can manipulate requests to perform actions they should not be permitted to execute, such as viewing, modifying, or deleting book records without proper authorization checks. Proof-of-concept code is publicly available, increasing the risk of active exploitation.

  • CVE-2026-10172MEDIUM 6.3

    Bdtask Multi-Store Inventory Management System version 1.0 contains a file upload vulnerability that allows authenticated users to upload arbitrary files to the server without validation. An attacker with valid login credentials can exploit this flaw to upload malicious files, potentially leading to remote code execution or other attacks. Public exploit code is available, increasing the risk of widespread exploitation.

  • CVE-2026-10205MEDIUM 6.3

    Metasoft MetaCRM version 6.4.0 contains an unrestricted file upload vulnerability in its logo upload functionality. An authenticated attacker can upload arbitrary files to the server, potentially leading to code execution or system compromise. The vulnerability affects a JSP file handling logo uploads and requires valid user credentials to exploit. Public exploit code exists for this issue.

  • CVE-2026-10277MEDIUM 6.3

    A security flaw exists in the MCP Google Workspace integration's Gmail tool that allows authenticated users to bypass access controls and manipulate file storage operations. An attacker with valid login credentials can remotely exploit this vulnerability to gain unauthorized access to data or perform unintended modifications. The vulnerability affects the component up to commit 831790e7d5c2663325733d9f5579cc339a267c4c, and a patch has been released.

  • CVE-2026-10806MEDIUM 6.3

    CVE-2026-10806 is a medium-severity file upload vulnerability in mjperpinosa stumasy affecting the add_post.php component. An authenticated attacker can manipulate the up_file_to_post parameter to upload files without proper restrictions, potentially allowing arbitrary file placement on the server. The vulnerability requires valid login credentials but can be exploited over the network. Exploit code has been publicly disclosed, increasing practical risk.

  • CVE-2026-10807MEDIUM 6.3

    A file upload vulnerability exists in mjperpinosa stumasy that allows authenticated users to upload files without proper validation. By manipulating the profile image upload parameter in the application's profile management component, an attacker with login credentials can bypass upload restrictions and place arbitrary files on the server. The vulnerability requires authentication but poses meaningful risk to confidentiality, integrity, and availability of the affected system.

  • CVE-2026-40713MEDIUM 6.1

    Dell ThinOS 10 devices running versions before 2602_10.0765 have a flaw that allows someone with physical access to the device—without needing to log in—to view sensitive information stored on it. This is a medium-severity issue because it requires hands-on access to the hardware, but once someone has that access, the controls meant to protect data don't work properly.

  • CVE-2024-27891MEDIUM 5.3

    Arista EOS devices that simultaneously use MACsec (a security protocol encrypting layer 2 traffic) and egress Access Control Lists (ACLs) on the same network interfaces may fail to enforce the intended ACL policies on outgoing traffic. This means packets that should be blocked by policy could be allowed to leave the device, or conversely, traffic that should be permitted might be incorrectly denied—effectively breaking the network's egress filtering controls.

  • CVE-2026-10255MEDIUM 5.3

    A remote access control weakness exists in SourceCodester Pharmacy Sales and Inventory System version 1.0. An unauthenticated attacker can exploit the sell_statement function in the application's form controller to bypass authorization checks and gain unauthorized read access to sensitive pharmacy data. The vulnerability requires no special interaction from users and can be triggered over the network. Because exploit code has already been publicly disclosed, active exploitation risk is elevated.

  • CVE-2026-36180MEDIUM 4.6

    GNCC GP5 version 7.1.76 has a security weakness that allows an attacker with physical access to the machine to temporarily modify read-only system files and binaries during a single boot session. The vulnerability exploits bind-mount mechanisms—a Linux/Unix filesystem technique—to circumvent protections meant to keep critical system files locked down. While the attacker needs to be physically present and the changes only persist until reboot, this represents a meaningful integrity risk for systems in shared, controlled, or potentially hostile physical environments.

  • CVE-2026-41160MEDIUM 4.3

    EspoCRM contains a logic flaw that allows lower-privileged users to pin notes they don't have permission to edit. The vulnerability stems from a timing issue in the API backend: the system modifies the note in the database before checking whether the user is actually authorized to do so. Even though the server returns an error message afterward, the damage is already done—the note remains pinned. This affects EspoCRM versions before 9.3.5.