Falhas do tipo CWE-284
4.445 resultadosCVE-2025-30735HIGHVulnerability in the PeopleSoft Enterprise CC Common Application Objects product of Oracle PeopleSoft (component: Page and Field ConfiguratiEPSS 0.3%CVE-2026-46808HIGHVulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). The supported version that EPSS 0.3%CVE-2026-50891HIGHIncorrect access control in the /admin/api/config component of Filestash v0.4.0 allows attackers to escalate privileges via sending a crafteEPSS 0.3%CVE-2025-25734MEDIUMKapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 was discovered to contain an uEPSS 0.3%CVE-2024-9157HIGHPrivilege Escalation Vulnerability in CxUIUSvc serviceEPSS 0.3%CVE-2026-41491HIGHDapr: Service Invocation path traversal ACL bypassEPSS 0.3%CVE-2024-29207HIGHAn Improper Certificate Validation could allow a malicious actor with access to an adjacent network to take control of the system.
AffeEPSS 0.3%CVE-2020-8902LOWSSRF in RendertronEPSS 0.3%CVE-2024-43409MEDIUMGhost's improper authentication allows access to member information and actionsEPSS 0.3%CVE-2025-6900MEDIUMcode-projects Library System add-book.php unrestricted uploadEPSS 0.3%CVE-2025-6837MEDIUMcode-projects Library System profile.php unrestricted uploadEPSS 0.3%CVE-2024-3127MEDIUMImproper Access Control in GitLabEPSS 0.3%CVE-2025-53049HIGHVulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Web Administration). EPSS 0.3%CVE-2022-42859MEDIUMMultiple issues were addressed by removing the vulnerable code. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, watchOSEPSS 0.3%CVE-2025-11440MEDIUMJhumanJ OpnForm edit access controlEPSS 0.3%CVE-2020-3396MEDIUMCisco IOS XE Software IOx Guest Shell USB SSD Namespace Protection Privilege Escalation VulnerabilityEPSS 0.3%CVE-2020-1666MEDIUMJunos OS Evolved: 'console log-out-on-disconnect' fails to terminate session on console cable disconnectionEPSS 0.3%CVE-2025-55196HIGHExternal Secrets Operator Missing Namespace Restriction in PushSecret and SecretStore List() Calls Allows Unauthorized Secret AccessEPSS 0.3%CVE-2026-27471CRITICALERP: Document access through endpoints due to missing validationEPSS 0.3%CVE-2025-15448MEDIUMcld378632668 JavaMall MinioController.java upload unrestricted uploadEPSS 0.3%