Falhas do tipo CWE-284

4.449 resultados
CVE-2025-2706MEDIUMDigiwin ERP UploadAjaxAPI.ashx unrestricted uploadEPSS 0.3%CVE-2026-5001MEDIUMPromtEngineer localGPT server.py do_POST unrestricted uploadEPSS 0.3%CVE-2026-46979MEDIUMVulnerability in the PeopleSoft Enterprise CS Campus Community product of Oracle PeopleSoft (component: Integration and Interfaces). The sEPSS 0.3%CVE-2024-55019MEDIUMIncorrect access control in the component download_wb.cgi of Weintek cMT-3072XH2 easyweb Web Version v2.1.53, OS v20231011 allows unauthentiEPSS 0.3%CVE-2026-28823MEDIUMA path handling issue was addressed with improved validation. This issue is fixed in macOS Tahoe 26.4. An app with root privileges may be abEPSS 0.3%CVE-2025-2702MEDIUMSoftwin WMX3 ImageAdd.ashx ImageAdd unrestricted uploadEPSS 0.3%CVE-2025-20316MEDIUMA vulnerability in the access control list (ACL) programming of Cisco IOS XE Software for Cisco Catalyst 9500X and 9600X Series Switches couEPSS 0.3%CVE-2026-2979MEDIUMFastApiAdmin Scheduled Task API controller.py user_avatar_upload_controller unrestricted uploadEPSS 0.3%CVE-2025-55371MEDIUMIncorrect access control in the component /controller/PersonController.java of jshERP v3.5 allows unauthorized attackers to obtain all the iEPSS 0.3%CVE-2025-2671MEDIUMYue Lao Blind Box 月老盲盒 Upload.php base64image unrestricted uploadEPSS 0.3%CVE-2026-7733MEDIUMfunadmin Frontend Chunked Upload Endpoint UploadService.php chunkUpload unrestricted uploadEPSS 0.3%CVE-2024-1439MEDIUMInadequate access control vulnerability in MoodleEPSS 0.3%CVE-2025-20159MEDIUMCisco IOS XR Software Management Interface ACL Bypass VulnerabilityEPSS 0.3%CVE-2025-55367MEDIUMIncorrect access control in the component \controller\SupplierController.java of jshERP v3.5 allows unauthorized attackers to arbitrarily moEPSS 0.3%CVE-2026-45282MEDIUMNextcloud: Logged-in user bypasses share password and download restrictions on Text attachments via documentId leads to unauthorized file accessEPSS 0.3%CVE-2024-51954HIGHUnauthorized access to secure services in ArcGIS ServerEPSS 0.3%CVE-2025-20339MEDIUMCisco SD-WAN vEdge Software Access Control List Bypass VulnerabilityEPSS 0.3%CVE-2025-55366MEDIUMIncorrect access control in the component \controller\UserController.java of jshERP v3.5 allows attackers to arbitrarily reset user account EPSS 0.3%CVE-2025-65238MEDIUMIncorrect access control in the getSubUsersByProvider function of OpenCode Systems USSD Gateway OC Release: 5 Version 6.13.11 allows attackeEPSS 0.3%CVE-2026-2977MEDIUMFastApiAdmin Scheduled Task API controller.py upload_controller unrestricted uploadEPSS 0.3%