Fallos del tipo CWE-284

4445 resultados
CVE-2023-3099MEDIUMKylinSoft youker-assistant Arbitrary File dbus.SystemBus delete_file access controlEPSS 0.3%CVE-2026-41728HIGHSpring Data REST JSON Patch bypasses Jackson read-only property protection on nested objects and collectionsEPSS 0.3%CVE-2026-3209MEDIUMfosrl Pangolin Role verifyApiKeyRoleAccess access controlEPSS 0.3%CVE-2026-44556HIGHOpen WebUI: responses passthrough endpoint lacks access control authorizationEPSS 0.3%CVE-2026-0881CRITICALSandbox escape in the Messaging System componentEPSS 0.3%CVE-2025-55797MEDIUMAn improper access control vulnerability in FormCms v0.5.4 in the /api/schemas/history/[schemaId] endpoint allows unauthenticated attackers EPSS 0.3%CVE-2026-3542HIGHInappropriate implementation in WebAssembly in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to perform out of bounds memoEPSS 0.3%CVE-2025-0783MEDIUMpankajindevops scale API Endpoint access controlEPSS 0.3%CVE-2024-12370MEDIUMWP Hotel Booking <= 2.1.5 - Missing AuthorizationEPSS 0.3%CVE-2024-41905HIGHA vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V2.0). The affected application do not haEPSS 0.3%CVE-2025-10247MEDIUMJEPaaS Filter doFilterInternal access controlEPSS 0.3%CVE-2025-48860HIGHA vulnerability in the web application of the ctrlX OS setup mechanism facilitated an authenticated (low privileged) attacker to gain remoteEPSS 0.3%CVE-2026-44874MEDIUMAuthenticated Arbitrary File Download via AOS-10 Web-Based Management InterfaceEPSS 0.3%CVE-2025-4316MEDIUMImproper access control in PAM feature in Devolutions Server allows a PAM user to self approve their PAM requests even if disallowed by the EPSS 0.3%CVE-2025-0745HIGHImproper Access Control vulnerability in EmbedAIEPSS 0.3%CVE-2020-3253MEDIUMCisco Firepower Threat Defense Software Shell Access VulnerabilityEPSS 0.3%CVE-2026-5413MEDIUMNewgen OmniDocs GetWebApiConfiguration information disclosureEPSS 0.3%CVE-2026-0566MEDIUMcode-projects Content Management System edit_posts.php unrestricted uploadEPSS 0.3%CVE-2025-50861MEDIUMThe Lotus Cars Android app (com.lotus.carsdomestic.intl) 1.2.8 contains an exported component, PushDeepLinkActivity, which is accessible witEPSS 0.3%CVE-2025-60291CRITICALAn issue was discovered in eTimeTrackLite Web thru 12.0 (20250704). There is a permission control flaw that allows unauthorized attackers toEPSS 0.3%