Fallos del tipo CWE-284
4457 resultadosCVE-2025-5962HIGHRhel-lightspeed: improper access control in lightspeed history management allows local privilege manipulationEPSS 0.2%CVE-2026-7862HIGHEupago Gateway For Woocommerce < 4.7.2 - Unauthenticated Arbitrary Refund InitiationEPSS 0.2%CVE-2025-43495MEDIUMThe issue was addressed with improved checks. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1. An app may be aEPSS 0.2%CVE-2026-3796MEDIUMQi-ANXIN QAX Virus Removal Mini Filter Driver QKSecureIO_Imp.sys ZwTerminateProcess access controlEPSS 0.2%CVE-2022-36396HIGHImproper access control in some Intel(R) Aptio* V UEFI Firmware Integrator Tools before version iDmiEdit-Linux-5.27.06.0017 may allow a privEPSS 0.2%CVE-2024-43031MEDIUMautMan v2.9.6 was discovered to contain an access control issue.EPSS 0.2%CVE-2026-56217MEDIUMCapgo - Encrypted Bundle Policy Bypass via Direct PostgREST UpdateEPSS 0.2%CVE-2026-14776MEDIUMSourceCodester Onlne Examination & Learning Management System Filename Extension upload_files.php pathinfo unrestricted uploadEPSS 0.2%CVE-2026-13544MEDIUMFeehi CMS API users access controlEPSS 0.2%CVE-2025-54871MEDIUMElectron Capture is Vulnerable to TCC Bypass via Misconfigured Node Fuses (macOS)EPSS 0.2%CVE-2025-29557MEDIUMExaGrid EX10 6.3 - 7.0.1.P08 is vulnerable to Incorrect Access Control in the MailConfiguration API endpoint, where users with operator-leveEPSS 0.2%CVE-2026-11326MEDIUMOpenAI Atlas before 1.2025.288.15 exposed privileged browser APIs to web content on *.openai.com origins. A cross-site scripting vulnerabiliEPSS 0.2%CVE-2026-14777MEDIUMSourceCodester Onlne Examination & Learning Management System announcements.php unrestricted uploadEPSS 0.2%CVE-2025-61881MEDIUMVulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.28, 21.3-21.19 and 23.4EPSS 0.2%CVE-2026-11333MEDIUMtittuvarghese CollegeManagementSystem Student Data Upload Endpoint upload_student_data.php unrestricted uploadEPSS 0.2%CVE-2025-13249MEDIUMJiusi OA OfficeServer unrestricted uploadEPSS 0.2%CVE-2026-1009CRITICALStored Cross-Site Scripting in Altium Live Forum Leading to Cross-Customer Data ExposureEPSS 0.2%CVE-2026-14775MEDIUMSourceCodester Onlne Examination & Learning Management System process_lesson.php unrestricted uploadEPSS 0.2%CVE-2025-3768MEDIUMImproper access control in Tor network blocking feature in Devolutions Server 2025.1.10.0 and earlier allows an authenticated user to bypassEPSS 0.2%CVE-2026-11277MEDIUMInsufficient policy enforcement in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to bypass discretEPSS 0.2%