Fallos del tipo CWE-284

4457 resultados
CVE-2026-40904HIGHChartbrew: Incorrect Access Control in dataset and dataRequest routes via team-scoped permission checksEPSS 0.2%CVE-2025-24218MEDIUMA privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.4. An app may beEPSS 0.2%CVE-2026-44957MEDIUMA missing access control check when invoking various modify methods in the XML‑RPC API of Revive Adserver 6.0.6 and earlier. The API allowedEPSS 0.2%CVE-2025-67715MEDIUMWeblate has Systematic User and Project Enumeration via Broken Authorization in REST API (IDOR)EPSS 0.2%CVE-2026-2205MEDIUMWeKan Meteor Publication cards.js CardPubSubBleed information disclosureEPSS 0.2%CVE-2026-34913MEDIUMA missing access control check when linking trackers to campaigns through the campaign-trackers.php script of Revive Adserver 6.0.6 and earlEPSS 0.2%CVE-2026-34912MEDIUMA missing access control check when linking banners or campaigns to a zone through the zone-include.php script of Revive Adserver 6.0.6 and EPSS 0.2%CVE-2022-32904MEDIUMAn access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, macOS MonteEPSS 0.2%CVE-2024-5331MEDIUMBreakdance <= 1.7.2 - Missing AuthorizationEPSS 0.2%CVE-2026-45707HIGHn8n-MCP: Multi-tenant MCP requests fall back to process-level n8n credentials when tenant headers are absent or incompleteEPSS 0.2%CVE-2026-42177MEDIUMlinux-entra-sso: PRT SSO cookie can leak to attacker-controlled hosts when broad host permissions are grantedEPSS 0.2%CVE-2025-2557MEDIUMAudi UTR Dashcam Command API access controlEPSS 0.2%CVE-2025-54343CRITICALAn Incorrect Access Control vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 exploitEPSS 0.2%CVE-2024-0374MEDIUMViews for WPForms <= 3.2.2 - Cross-Site Request Forgery via create_viewEPSS 0.2%CVE-2026-48899MEDIUMJoomla! Core - [20260515] - Incorrect Access Control in sample data pluginsEPSS 0.2%CVE-2025-60354HIGHUnauthorized modification of arbitrary articles vulnerability exists in blog-vue-springboot.EPSS 0.2%CVE-2025-12344MEDIUMYonyou U8 Cloud Request Header NCloudGatewayServlet unrestricted uploadEPSS 0.2%CVE-2026-14034MEDIUMInappropriate implementation in WebXR in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to bypass navigation restEPSS 0.2%CVE-2026-41270HIGHFlowise: SSRF Protection Bypass via Unprotected Built-in HTTP Modules in Custom Function SandboxEPSS 0.2%CVE-2024-0373MEDIUMViews for WPForms <= 3.2.2 - Cross-Site Request Forgery via save_viewEPSS 0.2%