Falhas do tipo CWE-284

4.431 resultados
CVE-2024-37314LOWNextcloud Photos' shared albums have no restriction on photo removalEPSS 0.4%CVE-2025-23083HIGHWith the aid of the diagnostics_channel utility, an event can be hooked into whenever a worker thread is created. This is not limited only tEPSS 0.4%CVE-2025-71380HIGHn8n - Arbitrary Command Execution via Execute Command NodeEPSS 0.4%CVE-2020-3418MEDIUMCisco IOS XE Wireless Controller Software for the Catalyst 9000 Family Improper Access Control VulnerabilityEPSS 0.4%CVE-2024-51734HIGHUser data deletion by anoynmous users in ZopeEPSS 0.4%CVE-2026-2975MEDIUMFastApiAdmin Custom Documentation Endpoint init_app.py reset_api_docs information disclosureEPSS 0.4%CVE-2026-7041MEDIUM666ghj MiroFish Werkzeug Debugger PIN console information disclosureEPSS 0.4%CVE-2022-24930MEDIUMAn Improper access control vulnerability in StRetailModeReceiver in Wear OS 3.0 prior to Firmware update MAR-2022 Release allows untrusted aEPSS 0.4%CVE-2025-12222MEDIUMBdtask Flight Booking Software Deposit deposit unrestricted uploadEPSS 0.4%CVE-2025-3830MEDIUMkuangstudy KuangSimpleBBS QuestionController.java fileUpload unrestricted uploadEPSS 0.4%CVE-2026-2983MEDIUMSourceCodester Student Result Management System Bulk Import import_users.php access controlEPSS 0.4%CVE-2024-40822LOWThis issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 anEPSS 0.4%CVE-2026-35313CRITICALVulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Authentication Engine). Supported versions that EPSS 0.4%CVE-2026-35294CRITICALVulnerability in the Identity Manager Connector product of Oracle Fusion Middleware (component: Mainframe Connectors). Supported versions tEPSS 0.4%CVE-2026-46907CRITICALVulnerability in the JD Edwards EnterpriseOne Order Promising product of Oracle JD Edwards (component: Order Promising Integration). The sEPSS 0.4%CVE-2026-46908CRITICALVulnerability in the JD Edwards EnterpriseOne Accounts Payable product of Oracle JD Edwards (component: Accounts Payable). The supported vEPSS 0.4%CVE-2026-35323CRITICALVulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). Supported versions that are EPSS 0.4%CVE-2026-35316CRITICALVulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). Supported versions that are EPSS 0.4%CVE-2022-45164MEDIUMAn issue was discovered in Archibus Web Central 2022.03.01.107. A service exposed by the application allows a basic user to cancel (delete) EPSS 0.4%CVE-2026-35284CRITICALVulnerability in the Oracle WebCenter Enterprise Capture product of Oracle Fusion Middleware (component: Client Bundle). Supported versionsEPSS 0.4%