Falhas do tipo CWE-284

4.436 resultados
CVE-2024-13133MEDIUMZeroWdd studentmanager StudentController. java editStudent unrestricted uploadEPSS 0.3%CVE-2024-35222MEDIUMiFrames Bypass Origin Checks for Tauri API Access ControlEPSS 0.3%CVE-2024-45734MEDIUMLow Privilege User can View Images on the Host Machine by using the PDF Export feature in Splunk Classic DashboardEPSS 0.3%CVE-2024-45735MEDIUMImproper Access Control for low-privileged user in Splunk Secure Gateway AppEPSS 0.3%CVE-2024-28968MEDIUMDell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for internal email and collectioEPSS 0.3%CVE-2024-28965MEDIUMDell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal enable REST API EPSS 0.3%CVE-2025-10608MEDIUMPortabilis i-Educar enrollment-history access controlEPSS 0.3%CVE-2025-67510CRITICALMySQLWriteTool allows arbitrary/destructive SQL when exposed to untrusted prompts (agent “footgun”)EPSS 0.3%CVE-2025-11436MEDIUMJhumanJ OpnForm answer unrestricted uploadEPSS 0.3%CVE-2023-21777HIGHAzure App Service on Azure Stack Hub Elevation of Privilege VulnerabilityEPSS 0.3%CVE-2024-57152HIGHIncorrect access control in the preHandle function of my-site v1.0.2 allows attackers to access sensitive components without authentication EPSS 0.3%CVE-2024-53495HIGHIncorrect access control in the preHandle function of my-site v1.0.2.RELEASE allows attackers to access sensitive components without authentEPSS 0.3%CVE-2025-61115HIGHABC Fine Wine & Spirits Android App version v.11.27.5 and before (package name com.cta.abcfinewineandspirits), developed by ABC Liquors, IncEPSS 0.3%CVE-2026-35223HIGHJoomla! Core - [20260508] - Improper access check in com_config webservice endpointsEPSS 0.3%CVE-2026-4191MEDIUMJawherKl node-api-postgres Profile Picture index.js path.extname unrestricted uploadEPSS 0.3%CVE-2025-63686MEDIUMThere is an arbitrary file download vulnerability in GuoMinJim PersonManage thru commit 5a02b1ab208feacf3a34fc123c9381162afbaa95 (2020-11-23EPSS 0.3%CVE-2026-34292HIGHVulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected areEPSS 0.3%CVE-2024-45982HIGHA host header injection vulnerability in scheduleR v0.0.18 allows attackers to obtain the password reset token via user interaction with a cEPSS 0.3%CVE-2025-37143MEDIUMAuthenticated Arbitrary File Download Vulnerability in CLI Binary of AOS-10 GW and AOS-8 Controller/Mobility Conductor Web Interface (Physical Access Required)EPSS 0.3%CVE-2026-34287CRITICALVulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware (component: Core). The supported version that iEPSS 0.3%