Falhas do tipo CWE-284
4.460 resultadosCVE-2026-50892MEDIUMIncorrect access control in the "Let's Encrypt" certificate download endpoint of Nginx Proxy Manager v2.14.0 allows authenticated attackers EPSS 0.2%CVE-2025-30138MEDIUMAn issue was discovered on G-Net Dashcam BB GONX devices. Managing Settings and Obtaining Sensitive Data and Sabotaging Car Battery can be pEPSS 0.2%CVE-2022-46279MEDIUMImproper access control in the Intel(R) Retail Edge android application before version 3.0.301126-RELEASE may allow an authenticated user toEPSS 0.2%CVE-2026-3938MEDIUMInsufficient policy enforcement in Clipboard in Google Chrome prior to 146.0.7680.71 allowed a remote attacker who had compromised the rendeEPSS 0.2%CVE-2025-43499MEDIUMThis issue was addressed with additional entitlement checks. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, macOS Sequoia 15.7.2, macOEPSS 0.2%CVE-2025-69988MEDIUMBS Producten Petcam 33.1.0.0818 is vulnerable to Incorrect Access Control. An unauthenticated attacker in physical proximity can associate wEPSS 0.2%CVE-2026-7373HIGHMetasploit Pro on Windows: Local Privilege Escalation via OpenSSL Configuration File LoadingEPSS 0.2%CVE-2026-42158LOWFlowsint: Broken Access Control allows modification of investigation metadata from any userEPSS 0.2%CVE-2022-3746MEDIUMA potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevatEPSS 0.2%CVE-2026-40874MEDIUMmailcow: dockerized missing authorization on Forwarding Hosts delete actionEPSS 0.2%CVE-2025-11641LOWTomofun Furbo 360/Furbo Mini Trial Restriction access controlEPSS 0.2%CVE-2022-37410HIGHImproper access control for some Intel(R) Thunderbolt driver software before version 89 may allow an authenticated user to potentially enablEPSS 0.2%CVE-2025-31212MEDIUMThis issue was addressed through improved state management. This issue is fixed in iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5, EPSS 0.2%CVE-2023-28051HIGH
Dell Power Manager, versions 3.10 and prior, contains an Improper Access Control vulnerability. A low-privileged attacker could potentiallyEPSS 0.2%CVE-2025-27238LOWAPI hostprototype.get lists data to users with insufficient authorization.EPSS 0.2%CVE-2024-27792MEDIUMThis issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS Sonoma 14.4. An app may be able to acEPSS 0.2%CVE-2025-43294LOWAn issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in iOS 26.EPSS 0.2%CVE-2026-54015MEDIUMOpen WebUI: Prompt history IDOR: unbound history_id allows cross-prompt read and deletionEPSS 0.2%CVE-2026-46865HIGHVulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Extensibility Framework). SupEPSS 0.2%CVE-2025-65096MEDIUMRomM Insecure Direct Object Reference (IDOR) Allows Unauthorized Access to Private CollectionsEPSS 0.2%