Fallos del tipo CWE-284

4457 resultados
CVE-2026-34302MEDIUMVulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Workflow Loader). Supported versions that are affected EPSS 0.2%CVE-2026-40603MEDIUMChartbrew: Incorrect Access Control in /api/project/dashboard/:brewName via same-team overrideEPSS 0.2%CVE-2025-63664HIGHIncorrect access control in the /api/v1/conversations/*/messages API of GT Edge AI Platform before v2.0.10-dev allows unauthorized attackersEPSS 0.2%CVE-2025-11406MEDIUMkaifangqian kaifangqian-base SysUserController.java getAllUsers information disclosureEPSS 0.2%CVE-2026-44478HIGHhoppscotch: Unauthenticated Onboarding Config Disclosure via Empty Recovery TokenEPSS 0.2%CVE-2026-48948MEDIUMJoomla! Core - [20260702] - Incorrect Access Control in com_contact vcf downloadEPSS 0.2%CVE-2026-28833MEDIUMA permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS EPSS 0.2%CVE-2025-70363HIGHIncorrect access control in the REST API of Ibexa & Ciril GROUP eZ Platform / Ciril Platform 2.x allows unauthenticated attackers to access EPSS 0.2%CVE-2024-28115HIGHPrivilege Escalation in FreeRTOS Kernel ARMv7-M MPU ports and ARMv8-M ports with MPU support enabledEPSS 0.2%CVE-2023-24215CRITICALIncorrect access control in the /uci/get/ endpoint of NOVUS AirGate 4G firmware v1.1.16 allows unauthenticated attackers to obtain administrEPSS 0.2%CVE-2026-48957MEDIUMJoomla! Core - [20260711] - Incorrect Access Control in com_privacy webservice endpointsEPSS 0.2%CVE-2024-46539HIGHInsecure permissions in the Bluetooth Low Energy (BLE) component of Fire-Boltt Artillery Smart Watch NJ-R6E-10.3 allow attackers to cause a EPSS 0.2%CVE-2026-2206MEDIUMWeKan Administrative Repair fixDuplicateLists.js FixDuplicateBleed access controlEPSS 0.2%CVE-2023-20237MEDIUMA vulnerability in Cisco Intersight Virtual Appliance could allow an unauthenticated, adjacent attacker to access internal HTTP services thaEPSS 0.2%CVE-2021-22907An improper access control vulnerability exists in Citrix Workspace App for Windows potentially allows privilege escalation in CR versions pEPSS 0.2%CVE-2026-47279MEDIUMNocoDB: Hidden LTAR Column Exposure in Public Shared-View Relation EndpointsEPSS 0.2%CVE-2025-10755MEDIUMSelleo Mentingo Content-Type unrestricted uploadEPSS 0.2%CVE-2026-49161HIGHMicrosoft PC Manager Security Feature Bypass VulnerabilityEPSS 0.2%CVE-2025-10669MEDIUMAirsonic-Advanced Playlist Upload unrestricted uploadEPSS 0.2%CVE-2022-28778MEDIUMImproper access control vulnerability in Samsung Security Supporter prior to version 1.2.40.0 allows attacker to set the arbitrary folder asEPSS 0.2%