Falhas do tipo CWE-284
4.459 resultadosCVE-2025-43207MEDIUMThis issue was addressed with improved entitlements. This issue is fixed in macOS Tahoe 26. An app may be able to access user-sensitive dataEPSS 0.2%CVE-2025-43325MEDIUMAn access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Tahoe 26. An app may be able to access sensEPSS 0.2%CVE-2026-3932MEDIUMInsufficient policy enforcement in PDF in Google Chrome on Android prior to 146.0.7680.71 allowed a remote attacker to bypass navigation resEPSS 0.2%CVE-2026-56257HIGHCapgo - Authorization Bypass in App Ownership Transfer via Direct PostgREST UpdateEPSS 0.2%CVE-2025-3082LOWUser may override a view's collation and gain unauthorized access to underlying dataEPSS 0.2%CVE-2022-35276HIGHImproper access control in BIOS firmware for some Intel(R) NUC 8 Compute Elements before version CBWHL357.0096 may allow a privileged user tEPSS 0.2%CVE-2023-43089MEDIUM
Dell Rugged Control Center, version prior to 4.7, contains insufficient protection for the Policy folder. A local malicious standard user cEPSS 0.2%CVE-2026-29197MEDIUMIn versions <8.4.0, <8.3.2, <8.2.2, <8.1.3, <8.0.4, <7.13.6, <7.12.7, <7.11.7, and <7.10.10, the endpoints /api/apps/logs and /api/apps/:id/EPSS 0.2%CVE-2024-3746MEDIUMMeasuresoft ScadaPro Improper Access ControlEPSS 0.2%CVE-2025-65841MEDIUMAquarius Desktop 3.0.069 for macOS stores user authentication credentials in the local file ~/Library/Application Support/Aquarius/aquarius.EPSS 0.2%CVE-2023-26585MEDIUMImproper access control in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentEPSS 0.2%CVE-2026-43701HIGHThe issue was addressed with improved checks. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. A maliEPSS 0.2%CVE-2026-8566MEDIUMInsufficient policy enforcement in Payments in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker to bypass discretiEPSS 0.2%CVE-2025-36636MEDIUMImproper Access ControlEPSS 0.2%CVE-2026-41487MEDIUMLangfuse: Improper role-based-access control in Langfuse LLM connection management allowed users of role “member” to retrieve stored LLM provider API keysEPSS 0.2%CVE-2026-43934MEDIUMe107: Broken Access Control in e107 comment edit allows cross-user comment modificationEPSS 0.2%CVE-2023-35062MEDIUMImproper access control in some Intel(R) DSA software before version 23.4.33 may allow a privileged user to potentially enable escalation ofEPSS 0.2%CVE-2025-65097HIGHInsecure Direct Object Reference (IDOR) Allows Unauthorized Deletion of User CollectionsEPSS 0.2%CVE-2025-43340HIGHA permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26. An app may be able to break out of itEPSS 0.2%CVE-2025-30729MEDIUMVulnerability in the Oracle Communications Order and Service Management product of Oracle Communications Applications (component: Security).EPSS 0.2%