Fallos del tipo CWE-284

4459 resultados
CVE-2025-61762MEDIUMVulnerability in the PeopleSoft Enterprise FIN Payables product of Oracle PeopleSoft (component: Payables). The supported version that is EPSS 0.2%CVE-2025-43325MEDIUMAn access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Tahoe 26. An app may be able to access sensEPSS 0.2%CVE-2023-24481MEDIUMImproper access control in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentEPSS 0.2%CVE-2023-26585MEDIUMImproper access control in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentEPSS 0.2%CVE-2024-3746MEDIUMMeasuresoft ScadaPro Improper Access ControlEPSS 0.2%CVE-2026-8566MEDIUMInsufficient policy enforcement in Payments in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker to bypass discretiEPSS 0.2%CVE-2025-65841MEDIUMAquarius Desktop 3.0.069 for macOS stores user authentication credentials in the local file ~/Library/Application Support/Aquarius/aquarius.EPSS 0.2%CVE-2023-43089MEDIUM Dell Rugged Control Center, version prior to 4.7, contains insufficient protection for the Policy folder. A local malicious standard user cEPSS 0.2%CVE-2026-56257HIGHCapgo - Authorization Bypass in App Ownership Transfer via Direct PostgREST UpdateEPSS 0.2%CVE-2026-43701HIGHThe issue was addressed with improved checks. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. A maliEPSS 0.2%CVE-2026-29197MEDIUMIn versions <8.4.0, <8.3.2, <8.2.2, <8.1.3, <8.0.4, <7.13.6, <7.12.7, <7.11.7, and <7.10.10, the endpoints /api/apps/logs and /api/apps/:id/EPSS 0.2%CVE-2025-3082LOWUser may override a view's collation and gain unauthorized access to underlying dataEPSS 0.2%CVE-2022-35276HIGHImproper access control in BIOS firmware for some Intel(R) NUC 8 Compute Elements before version CBWHL357.0096 may allow a privileged user tEPSS 0.2%CVE-2025-65097HIGHInsecure Direct Object Reference (IDOR) Allows Unauthorized Deletion of User CollectionsEPSS 0.2%CVE-2026-43934MEDIUMe107: Broken Access Control in e107 comment edit allows cross-user comment modificationEPSS 0.2%CVE-2025-36636MEDIUMImproper Access ControlEPSS 0.2%CVE-2023-35062MEDIUMImproper access control in some Intel(R) DSA software before version 23.4.33 may allow a privileged user to potentially enable escalation ofEPSS 0.2%CVE-2026-41487MEDIUMLangfuse: Improper role-based-access control in Langfuse LLM connection management allowed users of role “member” to retrieve stored LLM provider API keysEPSS 0.2%CVE-2025-43340HIGHA permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26. An app may be able to break out of itEPSS 0.2%CVE-2026-7021MEDIUMSmythOS sre Connector Service utils.ts information disclosureEPSS 0.2%