Fallos del tipo CWE-284
4436 resultadosCVE-2021-1515MEDIUMCisco SD-WAN vManage Information Disclosure VulnerabilityEPSS 0.4%CVE-2025-1590MEDIUMSourceCodester E-Learning System List of Lessons Page index.php unrestricted uploadEPSS 0.4%CVE-2023-6810MEDIUMClickCease Click Fraud Protection <= 3.2.4 - Improper Authorization to sensitive information exposure via get_settingsEPSS 0.4%CVE-2025-43450HIGHA logic issue was addressed with improved checks. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1. An app may EPSS 0.4%CVE-2024-51988MEDIUMHTTP API's queue deletion endpoint does not verify that the user has a required permissionEPSS 0.4%CVE-2026-37979MEDIUMKeycloak: keycloak: information disclosure via oidc token introspection endpoint audience bypassEPSS 0.4%CVE-2025-8795MEDIUMLitmusChaos Litmus login access controlEPSS 0.4%CVE-2024-8216MEDIUMnafisulbari/itsourcecode Insurance Management System Payment editPayment.php access controlEPSS 0.4%CVE-2016-8656HIGHJboss jbossas before versions 5.2.0-23, 6.4.13, 7.0.5 is vulnerable to an unsafe file handling in the jboss init script which could result iEPSS 0.4%CVE-2026-35320CRITICALVulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). Supported versions that are EPSS 0.4%CVE-2026-46927HIGHVulnerability in the Oracle Receivables product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are afEPSS 0.4%CVE-2025-11136MEDIUMYiFang CMS Backend File.php webUploader unrestricted uploadEPSS 0.4%CVE-2026-11344MEDIUMcode-projects Vehicle Management System New Driver Registration Form newdriver.php unrestricted uploadEPSS 0.4%CVE-2026-2768CRITICALSandbox escape in the Storage: IndexedDB componentEPSS 0.4%CVE-2026-14792MEDIUMFormbricks Survey actions.ts access controlEPSS 0.4%CVE-2025-9973MEDIUMAuthorization Bypass via Adaptive Authentication in WSO2 Identity Server Allows Cross-Organization Account TakeoverEPSS 0.4%CVE-2025-45616CRITICALIncorrect access control in the /admin/** API of brcc v1.2.0 allows attackers to gain access to Admin rights via a crafted request.EPSS 0.4%CVE-2026-2226MEDIUMDouPHP ZIP File file.php unrestricted uploadEPSS 0.4%CVE-2023-46666MEDIUMElastic Sharepoint Online Python Connector Improper Access ControlEPSS 0.4%CVE-2022-2792MEDIUMEmerson Electric's Proficy Machine Edition Version 9.00 and prior is vulenrable to CWE-284 Improper Access Control, and stores project data EPSS 0.4%