Fallos del tipo CWE-284
4434 resultadosCVE-2026-9517MEDIUMhemant6488 CodeIgniter-StudentManagementSystem Student Management addStudentView access controlEPSS 0.4%CVE-2025-49546LOWColdFusion | Improper Access Control (CWE-284)EPSS 0.4%CVE-2024-40884LOWUnauthorized disabling of invite URLEPSS 0.4%CVE-2026-31282CRITICALTotara LMS v19.1.5 and before is vulnerable to Incorrect Access Control. The login page code can be manipulated to reveal the login form. AnEPSS 0.4%CVE-2024-41252MEDIUMAn Incorrect Access Control vulnerability was found in /smsa/admin_student_register_approval.php and /smsa/admin_student_register_approval_sEPSS 0.4%CVE-2024-21113HIGHVulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are PrioEPSS 0.4%CVE-2025-11398MEDIUMSourceCodester Hotel and Lodge Management System Profile profile.php unrestricted uploadEPSS 0.4%CVE-2026-24303CRITICALMicrosoft Partner Center Elevation of Privilege VulnerabilityEPSS 0.4%CVE-2024-0434MEDIUMWordPress Tour & Travel Booking Plugin for WooCommerce – WpTravelly <= 1.7.1 - Missing Authorization via ttbm_new_place_saveEPSS 0.4%CVE-2025-54599HIGHThe Bevy Event service through 2025-07-22, as used for eBay Seller Events and other activities, allows account takeover, if SSO is used, wheEPSS 0.4%CVE-2024-21153HIGHVulnerability in the Oracle Process Manufacturing Product Development product of Oracle E-Business Suite (component: Quality Management SpecEPSS 0.4%CVE-2023-47034HIGHA vulnerability in UniswapFrontRunBot 0xdB94c allows attackers to cause financial losses via unspecified vectors.EPSS 0.4%CVE-2025-59943HIGHphpMyFAQ duplicate email registration allows multiple accounts with the same emailEPSS 0.4%CVE-2024-26310MEDIUMArcher Platform 6.8 before 6.14 P2 (6.14.0.2) contains an improper access control vulnerability. A remote authenticated malicious user couldEPSS 0.4%CVE-2026-45746CRITICALTermix Vulnerable to Arbitrary Command Execution via Session HijackingEPSS 0.4%CVE-2025-55741HIGHunopim/unopim allows unauthorized product deletion via mass-delete endpointEPSS 0.4%CVE-2025-31484CRITICALconda-forge infrastructure uses a bad token for Azure's cf-staging accessEPSS 0.4%CVE-2025-5130MEDIUMTmall Demo uploadProductImage unrestricted uploadEPSS 0.4%CVE-2025-12593MEDIUMcode-projects Simple Online Hotel Reservation System Photo edit_room.php unrestricted uploadEPSS 0.4%CVE-2024-45408HIGHeLabFTW contains a direct and indirect information disclosureEPSS 0.4%