Flaws of type CWE-284
4395 results

| CVE | Severity | Description | EPSS |
|---|---|---|---|
| CVE-2020-25634 | — | A flaw was found in Red Hat 3scale’s API docs URL, where it is accessible without credentials. This flaw allows an attacker to view sensitiv | 0.5% |
| CVE-2023-21850 | HIGH | Vulnerability in the Oracle Demantra Demand Management product of Oracle Supply Chain (component: E-Business Collections). Supported versio | 0.5% |
| CVE-2023-21854 | HIGH | Vulnerability in the Oracle Sales Offline product of Oracle E-Business Suite (component: Core Components). Supported versions that are affe | 0.5% |
| CVE-2023-21853 | HIGH | Vulnerability in the Oracle Mobile Field Service product of Oracle E-Business Suite (component: Synchronization). Supported versions that a | 0.5% |
| CVE-2024-0975 | MEDIUM | WordPress Access Control <= 4.0.13 - Improper Access Control to Sensitive Information Exposure via REST API | 0.5% |
| CVE-2022-2702 | HIGH | SourceCodester Company Website CMS Cookie site-settings.php access control | 0.5% |
| CVE-2023-45210 | MEDIUM | Pleasanter 1.3.47.0 and earlier contains an improper access control vulnerability, which may allow a remote authenticated attacker to view t | 0.5% |
| CVE-2022-32507 | HIGH | An issue was discovered on certain Nuki Home Solutions devices. Some BLE commands, which should have been designed to be only called from pr | 0.5% |
| CVE-2023-43505 | CRITICAL | A vulnerability has been identified in COMOS (All versions). The affected application lacks proper access controls in SMB shares. This could | 0.5% |
| CVE-2025-11647 | LOW | Tomofun Furbo 360/Furbo Mini GATT Service information disclosure | 0.5% |
| CVE-2019-10161 | HIGH | It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc() AP | 0.5% |
| CVE-2024-12956 | MEDIUM | 1000 Projects Portfolio Management System MCA add_achievement_details.php unrestricted upload | 0.5% |
| CVE-2022-3066 | MEDIUM | An issue has been discovered in GitLab affecting all versions starting from 10.0 before 15.2.5, all versions starting from 15.3 before 15.3. | 0.5% |
| CVE-2026-39006 | CRITICAL | An issue in SNMP4J-Agent 3.8.3 allows a remote attacker to execute arbitrary code via the snmp4jCfgStoragePath component. | 0.5% |
| CVE-2023-0506 | HIGH | ByDemes Group Airspace CCTV Web Service Improper Access Control | 0.5% |
| CVE-2023-32060 | MEDIUM | DHIS2 Core Improper Access Control with Category Option Combination sharing in /api/trackedEntityInstance and /api/events | 0.5% |
| CVE-2024-38195 | HIGH | Azure CycleCloud Remote Code Execution Vulnerability | 0.5% |
| CVE-2024-41243 | MEDIUM | An Incorrect Access Control vulnerability was found in /smsa/view_marks.php in Kashipara Responsive School Management System v3.2.0, which a | 0.5% |
| CVE-2025-12201 | MEDIUM | ajayrandhawa User-Management-PHP-MYSQL User Management edit-user.php unrestricted upload | 0.5% |
| CVE-2026-20825 | MEDIUM | Windows Hyper-V Information Disclosure Vulnerability | 0.5% |