CWE-284 vulnerabilities
4390 results

CVE-2025-28410 [CRITICAL] An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the cancelAuthUserAll method does not properly validate whethe [EPSS 0.6%]
CVE-2025-28408 [CRITICAL] An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the selectDeptTree method of the /selectDeptTree/{deptId} endp [EPSS 0.6%]
CVE-2025-3236 [MEDIUM] Tenda FH1202 Web Management Interface VirSerDMZ access control [EPSS 0.6%]
CVE-2022-47542 [HIGH] Red Gate SQL Monitor 11.0.14 through 12.1.46 has Incorrect Access Control, exploitable remotely for Escalation of Privileges. [EPSS 0.6%]
CVE-2025-28405 [CRITICAL] An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the changeStatus method [EPSS 0.6%]
CVE-2025-28402 [CRITICAL] An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the jobId parameter [EPSS 0.6%]
CVE-2025-28412 [CRITICAL] An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the /editSave method in SysNoticeController [EPSS 0.6%]
CVE-2025-28413 [CRITICAL] An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the SysDictTypeController component [EPSS 0.6%]
CVE-2026-40498 [HIGH] FreeScout has Authentication Bypass and Information Disclosure in SystemController via /system/cron [EPSS 0.6%]
CVE-2023-0858 [LOW] Improper Authentication of RemoteUI of Office / Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the [EPSS 0.6%]
CVE-2024-57190 [CRITICAL] Erxes <1.6.1 is vulnerable to Incorrect Access Control. An attacker can bypass authentication by providing a "User" HTTP header that contain [EPSS 0.6%]
CVE-2025-8226 [MEDIUM] yanyutao0402 ChanCMS find information disclosure [EPSS 0.6%]
CVE-2026-37235 [HIGH] FlexRIC v2.0.0 trusts the xapp_id field from E42 message payloads without binding it to the sender's SCTP association. The validation functi [EPSS 0.6%]
CVE-2025-14748 [MEDIUM] Ningyuanda TC155 ONVIF Device Management Service device_service access control [EPSS 0.6%]
CVE-2024-20657 [HIGH] Windows Group Policy Elevation of Privilege Vulnerability [EPSS 0.6%]
CVE-2025-14286 [MEDIUM] Tenda AC9 Configuration File DownloadCfg.jpg information disclosure [EPSS 0.6%]
CVE-2022-24038 [MEDIUM] Unauthorized modification in Karmasis Informatics Infraskope SIEM+ [EPSS 0.6%]
CVE-2024-24486 [CRITICAL] An issue discovered in silex technology DS-600 Firmware v.1.4.1 allows a remote attacker to edit device settings via the SAVE EEP_DATA comma [EPSS 0.6%]
CVE-2026-2938 [MEDIUM] SourceCodester Student Result Management System update_smtp.php access control [EPSS 0.6%]
CVE-2023-47536 [LOW] An improper access control vulnerability [CWE-284] in FortiOS version 7.2.0, version 7.0.13 and below, version 6.4.14 and below and FortiPro [EPSS 0.6%]