CWE-284 vulnerabilities
4,383 results

CVE-2024-21076 [HIGH] Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: Offer LOV). Supported versions that are affecte (EPSS 0.6%)

CVE-2025-55244 [CRITICAL] Azure Bot Service Elevation of Privilege Vulnerability (EPSS 0.6%)

CVE-2026-31272 [CRITICAL] MRCMS 3.1.2 contains an access control vulnerability. The save() method in src/main/java/org/marker/mushroom/controller/UserController.java (EPSS 0.6%)

CVE-2025-63218 [CRITICAL] The Axel Technology WOLF1MS and WOLF2MS devices (firmware versions 0.8.5 to 1.0.3) are vulnerable to Broken Access Control due to missing au (EPSS 0.6%)

CVE-2024-1088 [MEDIUM] Password Protected Store for WooCommerce <= 2.2 - Information Exposure via REST API (EPSS 0.6%)

CVE-2022-24309 [MEDIUM] A vulnerability has been identified in Mendix Runtime V7 (All versions < V7.23.29), Mendix Runtime V8 (All versions < V8.18.16), Mendix Runt (EPSS 0.6%)

CVE-2023-26205 [HIGH] An improper access control vulnerability [CWE-284] in FortiADC automation feature 7.1.0 through 7.1.2, 7.0 all versions, 6.2 all versions, 6 (EPSS 0.6%)

CVE-2024-0366 [MEDIUM] Starbox – the Author Box for Humans <= 3.4.7 - Insecure Direct Object Reference (EPSS 0.6%)

CVE-2024-3270 [LOW] ThingsBoard AdvancedFeature access control (EPSS 0.6%)

CVE-2025-0802 [MEDIUM] SourceCodester Best Employee Management System Administrative Endpoint View_user.php access control (EPSS 0.6%)

CVE-2026-34381 [HIGH] Admidio: Unauthenticated Access to Role-Restricted documents via neutralized .htaccess (EPSS 0.6%)

CVE-2024-22209 [MEDIUM] XBlock custom auth does not respect JWT Scopes (EPSS 0.6%)

CVE-2025-59494 [HIGH] Azure Monitor Agent Elevation of Privilege Vulnerability (EPSS 0.6%)

CVE-2022-27673 [HIGH] Insufficient access controls in the AMD Link Android app may potentially result in information disclosure. (EPSS 0.6%)

CVE-2024-12235 [MEDIUM] Shenzhen Dashi Tongzhou Information Technology AgileBPM AuthorizationTokenCheckFilter.java doFilter access control (EPSS 0.6%)

CVE-2022-31024 [MEDIUM] Federated editing allows iframing remote servers by default in richdocuments (EPSS 0.6%)

CVE-2025-28406 [CRITICAL] An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the jobLogId parameter (EPSS 0.6%)

CVE-2025-28410 [CRITICAL] An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the cancelAuthUserAll method does not properly validate whethe (EPSS 0.6%)

CVE-2025-28405 [CRITICAL] An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the changeStatus method (EPSS 0.6%)

CVE-2022-47542 [HIGH] Red Gate SQL Monitor 11.0.14 through 12.1.46 has Incorrect Access Control, exploitable remotely for Escalation of Privileges. (EPSS 0.6%)