Fallos del tipo CWE-284

4446 resultados
CVE-2025-50861MEDIUMThe Lotus Cars Android app (com.lotus.carsdomestic.intl) 1.2.8 contains an exported component, PushDeepLinkActivity, which is accessible witEPSS 0.3%CVE-2026-48616CRITICALRocket.Chat versions <8.5.1, 8.4.4, 8.3.6, 8.2.6, 8.1.6, 8.0.7, 7.13.9, 7.10.13 has an access control vulnerability in Livechat files. ProteEPSS 0.3%CVE-2024-20397MEDIUMCisco NX-OS Software Image Verification Bypass VulnerabilityEPSS 0.3%CVE-2026-22555HIGHGitea organization forks can expose organization secrets without create permissionEPSS 0.3%CVE-2025-13573MEDIUMprojectworlds can pass malicious payloads add_book.php unrestricted uploadEPSS 0.3%CVE-2024-42988MEDIUMLack of access control in ChallengeSolves (/api/v1/challenges/<challenge id>/solves) of CTFd v2.0.0 - v3.7.2 allows authenticated users to rEPSS 0.3%CVE-2026-13897HIGHInsufficient policy enforcement in Chromecast in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform privilege escalatEPSS 0.3%CVE-2025-7906MEDIUMyangzongzhuan RuoYi CommonController.java uploadFile unrestricted uploadEPSS 0.3%CVE-2025-57438MEDIUMThe 2wcom IP-4c 2.15.5 device suffers from a Broken Access Control vulnerability. Certain sensitive endpoints are intended to be accessible EPSS 0.3%CVE-2024-50558MEDIUMA vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM EPSS 0.3%CVE-2025-10013MEDIUMPortabilis i-Educar exportacao-para-o-seb access controlEPSS 0.3%CVE-2025-13423MEDIUMCampcodes Retro Basketball Shoes Online Store admin_product.php unrestricted uploadEPSS 0.3%CVE-2025-29524MEDIUMIncorrect access control in the component /cgi-bin/system_diagnostic_main.asp of DASAN GPON ONU H660WM H660WMR210825 allows attackers to accEPSS 0.3%CVE-2025-61758MEDIUMVulnerability in the PeopleSoft Enterprise FIN IT Asset Management product of Oracle PeopleSoft (component: IT Asset Management). The suppEPSS 0.3%CVE-2024-36257LOWLack of permission check when updating the profile picture of a remote user (shared channels enabled)EPSS 0.3%CVE-2026-20888MEDIUMGitea Pull Requests Auto-Merge: Read-Only Users Can Cancel Scheduled Auto-Merge via Web Endpoint (Authorization Bypass)EPSS 0.3%CVE-2025-53035MEDIUMVulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (comEPSS 0.3%CVE-2026-32693HIGHUnauthorized access to Kubernetes secrets in JujuEPSS 0.3%CVE-2025-7864MEDIUMthinkgem JeeSite FileUploadController.java upload unrestricted uploadEPSS 0.3%CVE-2024-55402MEDIUM4C Strategies Exonaut before v22.4 was discovered to contain an access control issue.EPSS 0.3%