Fallos del tipo CWE-284

4445 resultados
CVE-2026-1181CRITICALAltium 365 Over-Permissive CORS Configuration Allows Credentialed Cross-Origin Workspace AccessEPSS 0.3%CVE-2026-23660HIGHWindows Admin Center in Azure Portal Elevation of Privilege VulnerabilityEPSS 0.3%CVE-2025-8128MEDIUMzhousg letao product.js unrestricted uploadEPSS 0.3%CVE-2025-1881MEDIUMi-Drive i11/i12 Video Footage/Live Video Stream access controlEPSS 0.3%CVE-2023-23908MEDIUMImproper access control in some 3rd Generation Intel(R) Xeon(R) Scalable processors may allow a privileged user to potentially enable informEPSS 0.3%CVE-2026-22010HIGHVulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (comEPSS 0.3%CVE-2026-46978CRITICALVulnerability in the Oracle Solaris product of Oracle Systems (component: Remote Administration Daemon). The supported version that is affEPSS 0.3%CVE-2022-42865MEDIUMThis issue was addressed by enabling hardened runtime. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, tvOS 16.2, watchEPSS 0.3%CVE-2025-59253MEDIUMWindows Search Service Denial of Service VulnerabilityEPSS 0.3%CVE-2025-63422HIGHIncorrect access control in the Web management interface in Each Italy Wireless Mini Router WIRELESS-N 300M v28K.MiniRouter.20190211 allows EPSS 0.3%CVE-2026-47269HIGHpam_usb: deny_remote feature incorrectly classifies IPv4-mapped IPv6 remote connections as localEPSS 0.3%CVE-2024-38518MEDIUMbbb-web API additional parameters consideredEPSS 0.3%CVE-2026-21959MEDIUMVulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Workflow Loader). Supported versions that are affected EPSS 0.3%CVE-2026-35229HIGHVulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.30 and 21.3-21.21. EasiEPSS 0.3%CVE-2023-49098LOWReaction data for user notifications exposed in Discourse-reactionsEPSS 0.3%CVE-2024-13693MEDIUMEnfold <= 6.0.9 - Missing Authorization to Sensitive Information Disclosure in avia-export-class.phpEPSS 0.3%CVE-2026-35314HIGHVulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Web Server Plugin). Supported versions that are EPSS 0.3%CVE-2025-66027HIGHRallly Information Disclosure Vulnerability in Participant API Leaks Names and Emails Despite Pro Privacy SettingsEPSS 0.3%CVE-2026-3187MEDIUMfeiyuchuixue sz-boot-parent API Endpoint upload unrestricted uploadEPSS 0.3%CVE-2026-34310HIGHVulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (comEPSS 0.3%