Fallos del tipo CWE-284

4436 resultados
CVE-2026-1170MEDIUMbirkir prime GraphQL API graphql information disclosureEPSS 0.4%CVE-2025-1590MEDIUMSourceCodester E-Learning System List of Lessons Page index.php unrestricted uploadEPSS 0.4%CVE-2026-31872HIGHParse Server has a protected fields bypass via dot-notation in query and sortEPSS 0.4%CVE-2021-25440Improper access control vulnerability in FactoryCameraFB prior to version 3.4.74 allows untrusted applications to access arbitrary files witEPSS 0.4%CVE-2025-2607MEDIUMphplaozhang LzCMS-LaoZhangBoKeXiTong HTTP POST Request upimage.html unrestricted uploadEPSS 0.4%CVE-2026-35320CRITICALVulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). Supported versions that are EPSS 0.4%CVE-2026-11344MEDIUMcode-projects Vehicle Management System New Driver Registration Form newdriver.php unrestricted uploadEPSS 0.4%CVE-2026-46927HIGHVulnerability in the Oracle Receivables product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are afEPSS 0.4%CVE-2026-37979MEDIUMKeycloak: keycloak: information disclosure via oidc token introspection endpoint audience bypassEPSS 0.4%CVE-2025-11136MEDIUMYiFang CMS Backend File.php webUploader unrestricted uploadEPSS 0.4%CVE-2026-14792MEDIUMFormbricks Survey actions.ts access controlEPSS 0.4%CVE-2016-8656HIGHJboss jbossas before versions 5.2.0-23, 6.4.13, 7.0.5 is vulnerable to an unsafe file handling in the jboss init script which could result iEPSS 0.4%CVE-2024-8216MEDIUMnafisulbari/itsourcecode Insurance Management System Payment editPayment.php access controlEPSS 0.4%CVE-2025-8795MEDIUMLitmusChaos Litmus login access controlEPSS 0.4%CVE-2025-9973MEDIUMAuthorization Bypass via Adaptive Authentication in WSO2 Identity Server Allows Cross-Organization Account TakeoverEPSS 0.4%CVE-2026-2768CRITICALSandbox escape in the Storage: IndexedDB componentEPSS 0.4%CVE-2026-2226MEDIUMDouPHP ZIP File file.php unrestricted uploadEPSS 0.4%CVE-2024-23447MEDIUMElastic Network Drive Connector Improper Access ControlEPSS 0.4%CVE-2022-2792MEDIUMEmerson Electric's Proficy Machine Edition Version 9.00 and prior is vulenrable to CWE-284 Improper Access Control, and stores project data EPSS 0.4%CVE-2023-46666MEDIUMElastic Sharepoint Online Python Connector Improper Access ControlEPSS 0.4%