Fallos del tipo CWE-284

4457 resultados
CVE-2025-55630HIGHA discrepancy in the error message returned by the login function of Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime - firmware v3EPSS 0.2%CVE-2026-40300MEDIUMZulip: Message edit history visible in "moves only" policy through /api/v1/messages/{id}/historyEPSS 0.2%CVE-2026-3110HIGHMultiple vulnerabilities on the Educativa CampusEPSS 0.2%CVE-2026-46958HIGHVulnerability in the Oracle Subledger Accounting product of Oracle E-Business Suite (component: Internal Operations). Supported versions thEPSS 0.2%CVE-2024-57360MEDIUMhttps://www.gnu.org/software/binutils/ nm >=2.43 is affected by: Incorrect Access Control. The type of exploitation is: local. The componentEPSS 0.2%CVE-2024-45326LOWAn Improper Access Control vulnerability [CWE-284] vulnerability in Fortinet FortiDeceptor 6.0.0, FortiDeceptor 5.3 all versions, FortiDecepEPSS 0.2%CVE-2026-30452MEDIUMTextpattern CMS 4.9.0 contains a Broken Access Control vulnerability in the article management system that allows authenticated users with lEPSS 0.2%CVE-2025-64066HIGHPrimakon Pi Portal 1.0.18 REST /api/v2/user/register endpoint suffers from a Broken Access Control vulnerability. The endpoint fails to implEPSS 0.2%CVE-2026-20007MEDIUMCisco Secure Firewall Threat Defense Software Snort Deep Inspection Bypass VulnerabilityEPSS 0.2%CVE-2026-46971HIGHVulnerability in the Oracle HR Intelligence product of Oracle E-Business Suite (component: Internal Operations). Supported versions that arEPSS 0.2%CVE-2026-46959HIGHVulnerability in the Oracle Subledger Accounting product of Oracle E-Business Suite (component: Internal Operations). Supported versions thEPSS 0.2%CVE-2026-24039MEDIUMHorilla's Improper Access Control Allows Employees to Auto-Approve DocumentsEPSS 0.2%CVE-2025-61763HIGHVulnerability in Oracle Essbase (component: Essbase Web Platform). The supported version that is affected is 21.7.3.0.0. Easily exploitablEPSS 0.2%CVE-2025-6531MEDIUMSIFUSM/MZZYG BD S1 RTSP Live Video Stream Endpoint access controlEPSS 0.2%CVE-2020-16241MEDIUMPhilips SureSigns VS4 Improper Access ControlEPSS 0.2%CVE-2025-67796HIGHIKUS Rdiffweb before 2.10.5 has an improper authorization flaw that allows an attacker with any valid or stolen access token to act as otherEPSS 0.2%CVE-2026-46812MEDIUMVulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Authentication Engine). Supported versions that EPSS 0.2%CVE-2026-5228HIGHImproper Access Control in Kurt Software Studio's WriteUp Mobile AppEPSS 0.2%CVE-2025-65797MEDIUMIncorrect access control in the Identity Provider service of usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarilEPSS 0.2%CVE-2026-46770MEDIUMVulnerability in the Oracle Application Development Framework (ADF) product of Oracle Fusion Middleware (component: Security Framework). SuEPSS 0.2%