Fallos del tipo CWE-284
4457 resultadosCVE-2026-32209MEDIUMWindows Filtering Platform (WFP) Security Feature Bypass VulnerabilityEPSS 0.2%CVE-2026-4628MEDIUMKeycloak: org.keycloak.authorization: keycloak: unauthorized resource modification due to improper access controlEPSS 0.2%CVE-2026-25702HIGHnftables disabled due to incorrect kernel backportEPSS 0.2%CVE-2026-45266LOWNextcloud: Unauthorized force-mute from missing permission check when using internal signalingEPSS 0.2%CVE-2024-57336MEDIUMIncorrect access control in M2Soft CROWNIX Report & ERS affected v7.x to v7.4.3.599 and v8.x to v8.0.3.79 allows unauthorized attackers to oEPSS 0.2%CVE-2025-43270HIGHAn access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS VeEPSS 0.2%CVE-2023-22014HIGHVulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Supported versions that are affectEPSS 0.2%CVE-2025-24887MEDIUMOpenCTI bypass of protected attribute updateEPSS 0.2%CVE-2026-34324MEDIUMVulnerability in the Oracle Life Sciences InForm product of Oracle Life Science Applications (component: App Server). Supported versions thEPSS 0.2%CVE-2025-15152MEDIUMh-moses moga-mall PmsProductController.java addProduct unrestricted uploadEPSS 0.2%CVE-2024-37386MEDIUMAn issue was discovered in Stormshield Network Security (SNS) 4.0.0 through 4.3.25, 4.4.0 through 4.7.5, and 4.8.0. Certain manipulations alEPSS 0.2%CVE-2025-43291MEDIUMA permissions issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS TahoeEPSS 0.2%CVE-2026-21997HIGHVulnerability in the Oracle Life Sciences Empirica Signal product of Oracle Life Science Applications (component: Common Core). Supported vEPSS 0.2%CVE-2024-38310MEDIUMImproper access control in some Intel(R) Graphics Driver software installers may allow an authenticated user to potentially enable escalatioEPSS 0.2%CVE-2026-2850MEDIUMyeqifu warehouse Customer Endpoint CustomerController.java deleteCustomer access controlEPSS 0.2%CVE-2026-11275MEDIUMInappropriate implementation in Page Info in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised tEPSS 0.2%CVE-2026-9412MEDIUMSourceCodester Indian Invoicing System Backend Endpoint access controlEPSS 0.2%CVE-2026-11204MEDIUMInappropriate implementation in Signin in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restricEPSS 0.2%CVE-2026-4505MEDIUMeosphoros-ai DB-GPT FastAPI Endpoint controller.py module_plugin.refresh_plugins unrestricted uploadEPSS 0.2%CVE-2023-39256HIGH
Dell Rugged Control Center, version prior to 4.7, contains an improper access control vulnerability. A local malicious standard user could EPSS 0.2%