Fallos del tipo CWE-284
4436 resultadosCVE-2025-50870CRITICALInstitute-of-Current-Students 1.0 is vulnerable to Incorrect Access Control in the mydetailsstudent.php endpoint. The myds GET parameter accEPSS 0.4%CVE-2025-1791MEDIUMZorlan SkyCaiji Tool.php fileAction unrestricted uploadEPSS 0.4%CVE-2025-12346MEDIUMMaxSite CMS HTTP Header uploads-require-maxsite.php unrestricted uploadEPSS 0.4%CVE-2026-1061MEDIUMxiweicheng TMS FileController.java upload unrestricted uploadEPSS 0.4%CVE-2025-4291MEDIUMIdeaCMS saveUpload unrestricted uploadEPSS 0.4%CVE-2026-47261HIGHWasmtime: WASI path_open(TRUNCATE) bypasses `FilePerms::WRITE` host restrictionEPSS 0.4%CVE-2025-28201MEDIUMAn issue in Victure RX1800 EN_V1.0.0_r12_110933 allows physically proximate attackers to execute arbitrary code or gain root access.EPSS 0.4%CVE-2025-20219MEDIUMCisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software Access Control Bypass VulnerabilityEPSS 0.4%CVE-2026-44225CRITICALPulpy: Incomplete filesystem sandbox in pulpy.fs bridge allows packaged web apps to read arbitrary user filesEPSS 0.4%CVE-2025-3256MEDIUMxujiangfei admintwo updateSet access controlEPSS 0.4%CVE-2025-62474HIGHWindows Remote Access Connection Manager Elevation of Privilege VulnerabilityEPSS 0.4%CVE-2026-7468MEDIUM1024-lab smart-admin Demo Site index.html access controlEPSS 0.4%CVE-2025-64110HIGHCursor: Authentication Bypass Possible via New Cursorignore WriteEPSS 0.4%CVE-2025-65176HIGHAn issue was discovered in Dynatrace OneAgent before 1.325.47. When attempting to access a remote network share from a machine where OneAgenEPSS 0.4%CVE-2026-21255HIGHWindows Hyper-V Security Feature Bypass VulnerabilityEPSS 0.4%CVE-2025-61748LOWVulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: LibrariEPSS 0.4%CVE-2026-3797MEDIUMTiandy Video Surveillance System 视频监控平台 CLS_REST_File.java uploadFile unrestricted uploadEPSS 0.4%CVE-2023-45228MEDIUMSielco Radio Link and Analog FM Transmitters Improper Access ControlEPSS 0.4%CVE-2026-35185HIGHHAX CMS's public /server-status endpoint exposes authentication tokens, user activity, and client IP addressesEPSS 0.4%CVE-2024-27187HIGH[20240804] - Core - Improper ACL for backend profile viewEPSS 0.4%