Fallos del tipo CWE-284
4435 resultadosCVE-2025-62166HIGHFreshRSS has an IDOR which allows for viewing feeds of any user and leaking tokensEPSS 0.4%CVE-2025-10428MEDIUMSourceCodester Pet Grooming Management Software Setting seo_setting.php unrestricted uploadEPSS 0.4%CVE-2025-10427MEDIUMSourceCodester Pet Grooming Management Software user.php unrestricted uploadEPSS 0.4%CVE-2025-1391MEDIUMKeycloak-services: improper authorization in keycloak organization mapper allows unauthorized organization claimsEPSS 0.4%CVE-2025-3580MEDIUMAn access control vulnerability was discovered in Grafana OSS where an Organization administrator could permanently delete the Server adminiEPSS 0.4%CVE-2025-5840MEDIUMSourceCodester Client Database Management System user_update_customer_order.php unrestricted uploadEPSS 0.4%CVE-2026-3025MEDIUMShuoRen Smart Heating Integrated Management Platform ExampleNodeService.asmx unrestricted uploadEPSS 0.4%CVE-2025-7939MEDIUMjerryshensjf JPACookieShop 蛋糕商城JPA版 GoodsController.java addGoods unrestricted uploadEPSS 0.4%CVE-2026-22043MEDIUMRustFS has IAM deny_only Short-Circuit that Allows Privilege Escalation via Service Account MintingEPSS 0.4%CVE-2025-29315CRITICALAn issue in the Shiro-based RBAC (Role-based Access Control) mechanism of OpenDaylight Service Function Chaining (SFC) Subproject SFC SodiumEPSS 0.4%CVE-2025-60427MEDIUMLibreTime 3.0.0-alpha.10 and possibly earlier is vulnerable to Broken Access Control, where a user with the DJ role can access analytics datEPSS 0.4%CVE-2025-26010CRITICALTelesquare TLR-2005KSH 1.1.4 allows unauthorized password modification when requesting the admin.cgi parameter with setUserNamePassword.EPSS 0.4%CVE-2025-12268MEDIUMLearnHouse Course Thumbnail courses unrestricted uploadEPSS 0.4%CVE-2026-30244HIGHPlane: Unauthenticated Workspace Member Information DisclosureEPSS 0.4%CVE-2025-8775MEDIUMQiyuesuo Eelectronic Signature Platform Scheduled Task upload execute unrestricted uploadEPSS 0.4%CVE-2024-9692MEDIUMImproper Access Control in Input in VIMESA VHF/FM Transmitter Blue PlusEPSS 0.4%CVE-2023-25757HIGHImproper access control in some Intel(R) Unison(TM) software before version 10.12 may allow a privileged user to potentially enable escalatiEPSS 0.4%CVE-2024-45233HIGHAn issue was discovered in powermail extension through 12.3.5 for TYPO3. Several actions in the OutputController can directly be called, dueEPSS 0.4%CVE-2023-50928HIGH sandbox-accounts-for-events security misconfiguration leads to budget exceedEPSS 0.4%CVE-2026-6602MEDIUMrickxy Hospital Management System his_admin_account.php unrestricted uploadEPSS 0.4%