CWE-284 vulnerabilities
4396 results

CVE-2025-59500 | HIGH | Azure Notification Service Elevation of Privilege Vulnerability | EPSS 0.5%
CVE-2023-51786 | CRITICAL | An issue was discovered in Lustre versions 2.13.x, 2.14.x, and 2.15.x before 2.15.4, allows attackers to escalate privileges and obtain sens | EPSS 0.5%
CVE-2025-11646 | MEDIUM | Tomofun Furbo 360/Furbo Mini GATT Service access control | EPSS 0.5%
CVE-2019-11894 | MEDIUM | Improper access control in the backup mechanism of the Bosch Smart Home Controller (SHC) | EPSS 0.5%
CVE-2024-31805 | MEDIUM | TOTOLINK EX200 V4.0.3c.7646_B20201211 allows attackers to start the Telnet service without authorization via the telnet_enabled parameter in | EPSS 0.5%
CVE-2023-43849 | MEDIUM | Incorrect access control in firmware upgrade function of web interface in Aten PE6208 2.3.228 and 2.4.232 allows remote authenticated users | EPSS 0.5%
CVE-2023-5916 | MEDIUM | Lissy93 Dashy Configuration save access control | EPSS 0.5%
CVE-2026-45177 | CRITICAL | Idira Secrets Manager SaaS Edge: Authentication Bypass of an internal validation mechanism | EPSS 0.5%
CVE-2024-20927 | HIGH | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are | EPSS 0.5%
CVE-2026-28863 | MEDIUM | A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.4 and iPadOS 26.4, tvOS 26.4, visionOS 26.4, w | EPSS 0.5%
CVE-2025-47989 | HIGH | Arc Enabled Servers - Azure Connected Machine Agent Elevation of Privilege Vulnerability | EPSS 0.5%
CVE-2026-34570 | HIGH | CI4MS: Account Deletion Module Full Persistent Unauthorized Access for All‑Roles via Improper Session Invalidation (Logic Flaw) | EPSS 0.5%
CVE-2024-52509 | LOW | Nextcloud Mail app does not respect download permissions in shares | EPSS 0.5%
CVE-2025-11318 | MEDIUM | Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 uploadWxFile.do unrestricted upload | EPSS 0.5%
CVE-2024-53573 | CRITICAL | Unifiedtransform v2.X is vulnerable to Incorrect Access Control. Unauthorized users can access and manipulate endpoints intended exclusively | EPSS 0.5%
CVE-2026-34572 | HIGH | CI4MS: Account Deactivation Module Full Persistent Unauthorized Access for All‑Roles via Improper Session Invalidation (Logic Flaw) | EPSS 0.5%
CVE-2025-2334 | MEDIUM | 274056675 springboot-openai-chatgpt Chat History chat deleteChat access control | EPSS 0.5%
CVE-2024-4195 | LOW | Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 8.1.12 fail to fully validate role changes, which allows an attacker authent | EPSS 0.5%
CVE-2024-4198 | LOW | Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 8.1.12 fail to fully validate role changes which allows an attacker authenti | EPSS 0.5%
CVE-2024-44860 | HIGH | An information disclosure vulnerability in the /Letter/PrintQr/ endpoint of Solvait v24.4.2 allows attackers to access sensitive data via a | EPSS 0.5%