Fallos del tipo CWE-284
4445 resultadosCVE-2023-50333LOWLack of restriction to manage group names for freshly demoted guestsEPSS 0.3%CVE-2021-4477CRITICALHirschmann HiLCOS OpenBAT BAT450 IPv6 IPsec Firewall BypassEPSS 0.3%CVE-2026-23494MEDIUMPimcore is Missing Function Level Authorization on "Static Routes" ListingEPSS 0.3%CVE-2025-37140MEDIUMAuthenticated Arbitrary File Download Vulnerabilities in CLI Binary of AOS-8 Controller/Mobility Conductor Web-Based Management InterfaceEPSS 0.3%CVE-2025-49692HIGHAzure Connected Machine Agent Elevation of Privilege VulnerabilityEPSS 0.3%CVE-2025-62290HIGHVulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Block Storage). The supported version that is EPSS 0.3%CVE-2024-20279MEDIUMCisco Application Policy Infrastructure Controller Unauthorized Policy Actions VulnerabilityEPSS 0.3%CVE-2025-37142MEDIUMAuthenticated Arbitrary File Download Vulnerabilities in CLI Binary of AOS-8 Controller/Mobility Conductor Web-Based Management InterfaceEPSS 0.3%CVE-2024-27895HIGHVulnerability of permission control in the window module. Successful exploitation of this vulnerability may affect confidentiality.EPSS 0.3%CVE-2025-55261HIGHHCL Aftermarket DPC is affected by Missing Functional Level Access ControlEPSS 0.3%CVE-2025-37141MEDIUMAuthenticated Arbitrary File Download Vulnerabilities in CLI Binary of AOS-8 Controller/Mobility Conductor Web-Based Management InterfaceEPSS 0.3%CVE-2024-32124MEDIUMAn improper access control vulnerability [CWE-284] in FortiIsolator version 2.4.4, version 2.4.3, 2.3 all versions logging component may allEPSS 0.3%CVE-2025-6466MEDIUMageerle ruoyi-ai SseServiceImpl.java upload unrestricted uploadEPSS 0.3%CVE-2025-13185MEDIUMBdtask/CodeCanyon News365 profile unrestricted uploadEPSS 0.3%CVE-2018-1168—This vulnerability allows local attackers to escalate privileges on vulnerable installations of ABB MicroSCADA 9.3 with FP 1-2-3. An attackeEPSS 0.3%CVE-2025-2606MEDIUMSourceCodester Best Church Management Software soulwinning_crud.php unrestricted uploadEPSS 0.3%CVE-2022-23508HIGHGitOps Run allows for Kubernetes workload injectionEPSS 0.3%CVE-2025-13411MEDIUMCampcodes Retro Basketball Shoes Online Store admin_football.php unrestricted uploadEPSS 0.3%CVE-2026-54761MEDIUMTraefik: Kubernetes Gateway crossProviderNamespaces bypass allows HTTPRoute outside the allowlist to expose internal Traefik servicesEPSS 0.3%CVE-2024-28087MEDIUMIn Bonitasoft runtime Community edition, the lack of dynamic permissions causes IDOR vulnerability. Dynamic permissions existed only in SubsEPSS 0.3%