Falhas do tipo CWE-284

4.444 resultados
CVE-2025-5108MEDIUMzongzhige ShopXO ZIP File Payment.php Upload unrestricted uploadEPSS 0.3%CVE-2026-1742MEDIUMEFM ipTIME A8004T VPN Service timepro.cgi commit_vpncli_file_upload unrestricted uploadEPSS 0.3%CVE-2024-46916HIGHDiebold Nixdorf Vynamic Security Suite through 4.3.0 SR06 contains functionality that allows the removal of critical system files before theEPSS 0.3%CVE-2025-53003HIGHJanssen Config API returns results without scope verificationEPSS 0.3%CVE-2025-7573MEDIUMLB-LINK BL-WR9000 lighttpd.cgi bs_GetManPwd information disclosureEPSS 0.3%CVE-2025-7572MEDIUMLB-LINK BL-WR9000 lighttpd.cgi bs_GetHostInfo information disclosureEPSS 0.3%CVE-2026-58422CRITICALImproper authorization on OAuth sign-in callback silently re-enables administrator-disabled accountsEPSS 0.3%CVE-2025-11026MEDIUMgivanz Vvveb Configuration File information disclosureEPSS 0.3%CVE-2026-54305HIGHn8n: Cross-Tenant Credential Takeover via Dynamic Credentials EE EndpointsEPSS 0.3%CVE-2022-20696HIGHCisco SD-WAN vManage Software Unauthenticated Access to Messaging Services VulnerabilityEPSS 0.3%CVE-2022-39867MEDIUMImproper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensEPSS 0.3%CVE-2025-50105HIGHVulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite (component: Work Provider Administration). Supported veEPSS 0.3%CVE-2024-20951MEDIUMVulnerability in the Oracle Customer Interaction History product of Oracle E-Business Suite (component: Outcome-Result). Supported versionsEPSS 0.3%CVE-2026-40252MEDIUMBroken Access Control (IDOR) Leading to Cross-Tenant Application Access in FastGPTEPSS 0.3%CVE-2022-39865MEDIUMImproper access control vulnerability in ContentsSharingActivity.java SmartThings prior to version 1.7.89.0 allows attackers to access sensiEPSS 0.3%CVE-2022-39871MEDIUMImproper access control vulnerability cloudNotificationManager.java in SmartThings prior to version 1.7.89.0 allows attackers to access sensEPSS 0.3%CVE-2022-39870MEDIUMImproper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensEPSS 0.3%CVE-2022-39869MEDIUMImproper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensEPSS 0.3%CVE-2022-39866MEDIUMImproper access control vulnerability in RegisteredEventMediator.kt SmartThings prior to version 1.7.89.0 allows attackers to access sensitiEPSS 0.3%CVE-2019-6566GE Communicator, all versions prior to 4.0.517, allows a non-administrative user to replace the uninstaller with a malicious version, which EPSS 0.3%