CWE-284 vulnerabilities
4,364 results

CVE-2019-6193 | HIGH | An information disclosure vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.6.6 that could allow unauth | EPSS 1.0%
CVE-2021-3992 | MEDIUM | Improper Access Control in kevinpapst/kimai2 | EPSS 1.0%
CVE-2024-45811 | MEDIUM | server.fs.deny bypassed when using ?import&raw in vite | EPSS 1.0%
CVE-2019-11892 | HIGH | Improper access control in the JSON-RPC interface of the Bosch Smart Home Controller (SHC) | EPSS 1.0%
CVE-2022-39405 | MEDIUM | Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Authentication Engine). The supported version tha | EPSS 1.0%
CVE-2023-2183 | MEDIUM | Grafana is an open-source platform for monitoring and observability. The option to send a test alert is not available from the user panel | EPSS 1.0%
CVE-2024-20926 | MEDIUM | Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Scripti | EPSS 1.0%
CVE-2017-8438 | — | Elastic X-Pack Security versions 5.0.0 to 5.4.0 contain a privilege escalation bug in the run_as functionality. This bug prevents transition | EPSS 1.0%
CVE-2022-1521 | CRITICAL | 3.2.4 IMPROPER ACCESS CONTROL CWE-284 | EPSS 1.0%
CVE-2024-24386 | HIGH | An issue in VitalPBX v.3.2.4-5 allows an attacker to execute arbitrary code via a crafted payload to the /var/lib/vitalpbx/scripts folder. | EPSS 1.0%
CVE-2020-8182 | — | Improper access control in Nextcloud Deck 0.8.0 allowed an attacker to reshare boards shared with them with more permissions than they had t | EPSS 1.0%
CVE-2021-21965 | HIGH | A denial of service vulnerability exists in the SeaMax remote configuration functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. | EPSS 1.0%
CVE-2021-0232 | HIGH | Paragon Active Assurance: Authentication bypass vulnerability in Control Center | EPSS 1.0%
CVE-2025-46629 | MEDIUM | Lack of access controls in the 'ate' management binary of the Tenda RX2 Pro 16.03.30.14 allows an unauthenticated remote attacker to perform | EPSS 1.0%
CVE-2020-2504 | MEDIUM | Absolute path traversal vulnerability in QES | EPSS 1.0%
CVE-2021-39333 | HIGH | Hashthemes Demo Importer <= 1.1.1 Improper Access Control Allowing Content Deletion | EPSS 1.0%
CVE-2021-1478 | MEDIUM | Cisco Unified Communications Manager Denial of Service Vulnerability | EPSS 1.0%
CVE-2018-0119 | — | A vulnerability in certain authentication controls in the account services of Cisco Spark could allow an authenticated, remote attacker to i | EPSS 1.0%
CVE-2024-42919 | CRITICAL | eScan Management Console 14.0.1400.2281 is vulnerable to Incorrect Access Control via acteScanAVReport. | EPSS 1.0%
CVE-2021-22853 | MEDIUM | Soar Cloud System Co., Ltd. HR Portal - Broken Access Control | EPSS 1.0%