Fallos del tipo CWE-284
4445 resultadosCVE-2026-2592HIGHZarinpal Gateway for WooCommerce <= 5.0.16 - Improper Access Control to Payment Status UpdateEPSS 0.3%CVE-2025-10070MEDIUMPortabilis i-Educar enturmacao-em-lote access controlEPSS 0.3%CVE-2025-70982CRITICALIncorrect access control in the importUser function of SpringBlade v4.5.0 allows attackers with low-level privileges to arbitrarily import sEPSS 0.3%CVE-2026-40569CRITICALFreeScout's Mass Assignment in Mailbox Connection Settings Enables Silent Email ExfiltrationEPSS 0.3%CVE-2025-9400MEDIUMYiFang CMS P_file.php mergeMultipartUpload unrestricted uploadEPSS 0.3%CVE-2024-36492HIGHExisting local user overwritten by malicious remoteEPSS 0.3%CVE-2025-10072MEDIUMPortabilis i-Educar enturmar access controlEPSS 0.3%CVE-2024-20992MEDIUMVulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Content integration). The supported version tEPSS 0.3%CVE-2026-45658HIGHWindows BitLocker Security Feature Bypass VulnerabilityEPSS 0.3%CVE-2026-42205HIGHAvo: Broken Access Control: Unauthorized Execution of Arbitrary Action Classes Across ResourcesEPSS 0.3%CVE-2025-50405MEDIUMIntelbras RX1500 Router v2.2.17 and before is vulnerable to Incorrect Access Control in the FirmwareUpload function and GetFirmwareValidatioEPSS 0.3%CVE-2025-7100MEDIUMBoyunCMS Index.php unrestricted uploadEPSS 0.3%CVE-2026-7733MEDIUMfunadmin Frontend Chunked Upload Endpoint UploadService.php chunkUpload unrestricted uploadEPSS 0.3%CVE-2026-2979MEDIUMFastApiAdmin Scheduled Task API controller.py user_avatar_upload_controller unrestricted uploadEPSS 0.3%CVE-2025-2706MEDIUMDigiwin ERP UploadAjaxAPI.ashx unrestricted uploadEPSS 0.3%CVE-2025-55371MEDIUMIncorrect access control in the component /controller/PersonController.java of jshERP v3.5 allows unauthorized attackers to obtain all the iEPSS 0.3%CVE-2026-45282MEDIUMNextcloud: Logged-in user bypasses share password and download restrictions on Text attachments via documentId leads to unauthorized file accessEPSS 0.3%CVE-2025-55367MEDIUMIncorrect access control in the component \controller\SupplierController.java of jshERP v3.5 allows unauthorized attackers to arbitrarily moEPSS 0.3%CVE-2026-46979MEDIUMVulnerability in the PeopleSoft Enterprise CS Campus Community product of Oracle PeopleSoft (component: Integration and Interfaces). The sEPSS 0.3%CVE-2024-51954HIGHUnauthorized access to secure services in ArcGIS ServerEPSS 0.3%