CWE-552 type flaws
327 results

CVE | Severity | Description | EPSS
CVE-2022-44356 | HIGH | WAVLINK Quantum D4G (WL-WN531G3) running firmware versions M31G3.V5030.201204 and M31G3.V5030.200325 has an access control issue which allow | 2.8%
CVE-2024-4836 | HIGH | LFI in sites managed by Edito CMS | 2.6%
CVE-2023-38952 | HIGH | Insecure access control in ZKTeco BioTime through 9.0.1 allows authenticated attackers to escalate their privileges due to the fact that ses | 2.4%
CVE-2022-33901 | MEDIUM | WordPress MultiSafepay plugin for WooCommerce plugin <= 4.13.1 - Unauthenticated Arbitrary File Read vulnerability | 2.1%
CVE-2021-43821 | CRITICAL | Files Accessible to External Parties in Opencast | 2.0%
CVE-2024-27894 | HIGH | Apache Pulsar: Pulsar Functions Worker Allows Unauthorized File Access and Unauthorized HTTP/HTTPS Proxying | 1.9%
CVE-2017-12079 | — | Files or directories accessible to external parties vulnerability in picasa.php in Synology Photo Station before 6.8.1-3458 and before 6.3-2 | 1.8%
CVE-2020-1726 | MEDIUM | A flaw was discovered in Podman where it incorrectly allows containers when created to overwrite existing files in volumes, even if they are | 1.8%
CVE-2019-10930 | — | A vulnerability has been identified in All other SIPROTEC 5 device types with CPU variants CP300 and CP100 and the respective Ethernet commu | 1.8%
CVE-2021-21355 | HIGH | Unrestricted File Upload in Form Framework | 1.6%
CVE-2019-13941 | — | A vulnerability has been identified in OZW672 (All versions < V10.00), OZW772 (All versions < V10.00). Vulnerable versions of OZW Web Server | 1.6%
CVE-2021-1361 | CRITICAL | Cisco NX-OS Software Unauthenticated Arbitrary File Actions Vulnerability | 1.6%
CVE-2019-3569 | — | HHVM, when used with FastCGI, would bind by default to all available interfaces. This behavior could allow a malicious individual unintended | 1.5%
CVE-2022-39208 | HIGH | Git Repository Disclosure in Onedev | 1.4%
CVE-2025-68109 | CRITICAL | ChurchCRM vulnerable to RCE with database restore functionality | 1.4%
CVE-2023-31066 | CRITICAL | Apache InLong: Insecure direct object references for inlong sources | 1.4%
CVE-2021-4463 | HIGH | Longjing Technology BEMS API <= 1.21 Remote Arbitrary File Download | 1.3%
CVE-2024-21403 | CRITICAL | Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability | 1.3%
CVE-2022-45129 | HIGH | Payara before 2022-11-04, when deployed to the root context, allows attackers to visit META-INF and WEB-INF, a different vulnerability than | 1.3%
CVE-2025-34110 | CRITICAL | ColoradoFTP Server <= 1.3 Build 8 Path Traversal Information Disclosure | 1.3%