Fallos del tipo CWE-284

4444 resultados
CVE-2025-45617HIGHIncorrect access control in the component /user/list of production_ssm v0.0.1-SNAPSHOT allows attackers to access sensitive information via EPSS 0.3%CVE-2023-31346MEDIUMFailure to initialize memory in SEV Firmware may allow a privileged attacker to access stale data from other guests. EPSS 0.3%CVE-2025-0227MEDIUMTsinghua Unigroup Electronic Archives System downLoad.html information disclosureEPSS 0.3%CVE-2026-4220MEDIUMTechnologies Integrated Management Platform SetWebpagePic.jsp unrestricted uploadEPSS 0.3%CVE-2024-20938MEDIUMVulnerability in the Oracle iStore product of Oracle E-Business Suite (component: ECC). Supported versions that are affected are 12.2.3-12.EPSS 0.3%CVE-2025-45614HIGHIncorrect access control in the component /api/user/manager of One v1.0 allows attackers to access sensitive information via a crafted payloEPSS 0.3%CVE-2025-45609HIGHIncorrect access control in the doFilter function of kob latest v1.0.0-SNAPSHOT allows attackers to access sensitive information via a craftEPSS 0.3%CVE-2024-20936MEDIUMVulnerability in the Oracle One-to-One Fulfillment product of Oracle E-Business Suite (component: Documents). Supported versions that are aEPSS 0.3%CVE-2026-2075MEDIUMyeqifu warehouse Role-Permission Binding RoleController.java saveRolePermission access controlEPSS 0.3%CVE-2024-13855MEDIUMPrime Addons for Elementor <= 2.0.1 - Authenticated (Contributor+) Insecure Direct Object Reference via pae_global_block ShortcodeEPSS 0.3%CVE-2026-45654HIGHSecure Boot Security Feature Bypass VulnerabilityEPSS 0.3%CVE-2026-0577MEDIUMcode-projects Online Product Reservation System prod.php unrestricted uploadEPSS 0.3%CVE-2025-1881MEDIUMi-Drive i11/i12 Video Footage/Live Video Stream access controlEPSS 0.3%CVE-2026-1181CRITICALAltium 365 Over-Permissive CORS Configuration Allows Credentialed Cross-Origin Workspace AccessEPSS 0.3%CVE-2023-23908MEDIUMImproper access control in some 3rd Generation Intel(R) Xeon(R) Scalable processors may allow a privileged user to potentially enable informEPSS 0.3%CVE-2025-23164MEDIUMA misconfigured access token mechanism in the Unifi Protect Application (Version 5.3.41 and earlier) could permit the recipient of a "Share EPSS 0.3%CVE-2025-8128MEDIUMzhousg letao product.js unrestricted uploadEPSS 0.3%CVE-2026-23660HIGHWindows Admin Center in Azure Portal Elevation of Privilege VulnerabilityEPSS 0.3%CVE-2025-6848MEDIUMcode-projects Simple Forum forum1.php unrestricted uploadEPSS 0.3%CVE-2024-38518MEDIUMbbb-web API additional parameters consideredEPSS 0.3%