Fallos del tipo CWE-284

4444 resultados
CVE-2020-36838HIGHFacebook Chat Plugin <= 1.5 - Missing Capabilities CheckEPSS 0.3%CVE-2022-32872LOWA logic issue was addressed with improved restrictions. This issue is fixed in iOS 16, iOS 15.7 and iPadOS 15.7. A person with physical acceEPSS 0.3%CVE-2024-5650HIGHDLL Hijacking vulnerability has been found in CENTUM CAMS Log server provided by Yokogawa Electric Corporation. If an attacker is somehow abEPSS 0.3%CVE-2026-42222HIGHnginx-ui: Unauthenticated first-boot instance claim via POST /api/install allows remote bootstrap takeoverEPSS 0.3%CVE-2024-20912LOWVulnerability in Oracle Audit Vault and Database Firewall (component: Firewall). Supported versions that are affected are 20.1-20.9. EasilyEPSS 0.3%CVE-2026-46976HIGHVulnerability in the Oracle Public Sector Payroll product of Oracle E-Business Suite (component: Internal Operations). Supported versions tEPSS 0.3%CVE-2025-13250MEDIUMWeiYe-Jing datax-web Job triggerJob access controlEPSS 0.3%CVE-2023-50181MEDIUMAn improper access control vulnerability [CWE-284] in Fortinet FortiADC version 7.4.0 through 7.4.1 and before 7.2.4 allows a read only autEPSS 0.3%CVE-2024-39839MEDIUMRemote username set to an arbitrary string by remote userEPSS 0.3%CVE-2017-12340A vulnerability in Cisco NX-OS System Software running on Cisco MDS Multilayer Director Switches, Cisco Nexus 7000 Series Switches, and CiscEPSS 0.3%CVE-2025-14582MEDIUMcampcodes Online Student Enrollment System index.php unrestricted uploadEPSS 0.3%CVE-2026-35305CRITICALVulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Centralized Third Party Jars). The supported versionEPSS 0.3%CVE-2025-8965MEDIUMlinlinjava litemall Endpoint AdminStorageController.java create unrestricted uploadEPSS 0.3%CVE-2023-52164MEDIUMaccess_device.cgi on Digiever DS-2105 Pro 3.1.0.71-11 devices allows arbitrary file read. NOTE: This vulnerability only affects products thaEPSS 0.3%CVE-2026-46939HIGHVulnerability in the Oracle Configure to Order product of Oracle E-Business Suite (component: Supply to Order Workbench). Supported versionEPSS 0.3%CVE-2025-5382MEDIUMImproper access control in users MFA feature in Devolutions Server 2025.1.7.0 and earlier allows a user with user management permission to rEPSS 0.3%CVE-2025-14642MEDIUMcode-projects Computer Laboratory System technical_staff_pic.php unrestricted uploadEPSS 0.3%CVE-2025-69822HIGHAn issue in Atomberg Atomberg Erica Smart Fan Firmware Version: V1.0.36 allows an attacker to obtain sensitive information and escalate privEPSS 0.3%CVE-2024-36441MEDIUMSwissphone DiCal-RED 4009 devices allow an unauthenticated attacker use a port-2101 TCP connection to gain access to operation messages thatEPSS 0.3%CVE-2026-46891HIGHVulnerability in the JD Edwards EnterpriseOne Accounts Payable product of Oracle JD Edwards (component: Accounts Payable). The supported vEPSS 0.3%