Fallos del tipo CWE-284

4448 resultados
CVE-2025-28041HIGHIncorrect access control in the doFilter function of itranswarp up to 2.19 allows attackers to access sensitive components without authenticEPSS 0.3%CVE-2026-1152MEDIUMtechnical-laohu mpay QR Code Image unrestricted uploadEPSS 0.3%CVE-2023-24490MEDIUMUsers with only access to launch VDA applications can launch an unauthorized desktopEPSS 0.3%CVE-2026-47366HIGHImproper verification of access permissions when modifying permissions through the Administration Control Panel (ACP) allowed an authenticatEPSS 0.3%CVE-2025-54563HIGHAn Incorrect Access Control vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which aEPSS 0.3%CVE-2026-2146MEDIUMguchengwuyue yshopmall co.yixiang.utils.FileUtil updateAvatar unrestricted uploadEPSS 0.3%CVE-2023-38132LAN-W451NGR all versions provided by LOGITEC CORPORATION contains an improper access control vulnerability, which allows an unauthenticated EPSS 0.3%CVE-2025-9139MEDIUMScada-LTS WatchListDwr.init.dwr information disclosureEPSS 0.3%CVE-2025-9240MEDIUMelunez eladmin info information disclosureEPSS 0.3%CVE-2024-46280HIGHPIX-LINK LV-WR22 RE3002-P1-01_V117.0 is vulnerable to Improper Access Control. The TELNET service is enabled with weak credentials for a rooEPSS 0.3%CVE-2024-48899MEDIUMMoodle: idor when accessing list of course badgesEPSS 0.3%CVE-2025-55471HIGHIncorrect access control in the getUserFormData function of youlai-boot v2.21.1 allows attackers to access sensitive information for other uEPSS 0.3%CVE-2026-34358HIGHCtrlPanel: Missing Authorization on Admin Write Endpoints Allows RBAC BypassEPSS 0.3%CVE-2026-32254HIGHKube-router Proxy Module Blindly Trusts ExternalIPs/LoadBalancer IPs Enabling Cluster-Wide Traffic Hijacking and DNS DoSEPSS 0.3%CVE-2026-7686MEDIUMeyeo Adblock Plus Legacy Premium Activation premium.preload.js postMessage access controlEPSS 0.3%CVE-2025-45618MEDIUMIncorrect access control in the component /admin/sys/datasource/ajaxList of jeeweb-mybatis-springboot v0.0.1.RELEASE allows attackers to accEPSS 0.3%CVE-2026-30962HIGHParse Server has a protected fields bypass via logical query operatorsEPSS 0.3%CVE-2025-14219MEDIUMCampcodes Retro Basketball Shoes Online Store admin_running.php unrestricted uploadEPSS 0.3%CVE-2025-6786MEDIUMDocCheck Login <= 1.1.5 - Unauthorized Post AccessEPSS 0.3%CVE-2026-22011HIGHVulnerability in the Oracle Applications DBA product of Oracle E-Business Suite (component: ADPatch). Supported versions that are affected EPSS 0.3%