Fallos del tipo CWE-284
4445 resultadosCVE-2026-44976MEDIUMFrappe: IDOR in update_onboarding_stepEPSS 0.3%CVE-2026-2549MEDIUMzhanghuanhao LibrarySystem 图书馆管理系统 BookController.java access controlEPSS 0.3%CVE-2026-47182MEDIUMFrappe: Broken Access Control on Private FilesEPSS 0.3%CVE-2024-21103HIGHVulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are PrioEPSS 0.3%CVE-2024-39361LOWCreating posts with user-defined IDs permitted in CreatePost APIEPSS 0.3%CVE-2025-64516HIGHGLPI incorrectly authorizes access to documentsEPSS 0.3%CVE-2021-4037—A vulnerability was found in the fs/inode.c:inode_init_owner() function logic of the LInux kernel that allows local users to create files foEPSS 0.3%CVE-2025-4333MEDIUMfeng_ha_ha/megagao ssm-erp/production_ssm FileServiceImpl.java uploadFile unrestricted uploadEPSS 0.3%CVE-2023-52114HIGHData confidentiality vulnerability in the ScreenReader module. Successful exploitation of this vulnerability may affect service integrity.EPSS 0.3%CVE-2025-14086MEDIUMyoulaitech youlai-mall openid access controlEPSS 0.3%CVE-2020-3503MEDIUMCisco IOS XE Software Guest Shell Unauthorized File System Access VulnerabilityEPSS 0.3%CVE-2025-46635HIGHAn issue was discovered on Tenda RX2 Pro 16.03.30.14 devices. Improper network isolation between the guest Wi-Fi network and other network iEPSS 0.3%CVE-2025-4305MEDIUMkefaming mayi File.php upload unrestricted uploadEPSS 0.3%CVE-2024-36989MEDIUMLow-privileged user could create notifications in Splunk Web Bulletin MessagesEPSS 0.3%CVE-2026-28856MEDIUMThe issue was addressed with improved authentication. This issue is fixed in iOS 26.4 and iPadOS 26.4, visionOS 26.4, watchOS 26.4. An attacEPSS 0.3%CVE-2026-46872CRITICALVulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Install). Supported versions EPSS 0.3%CVE-2026-30689MEDIUMIn Blog.Core through bcb4d17, the getinfobytoken API interface contains improper access control that leads to sensitive data exposure. UnautEPSS 0.3%CVE-2026-20904MEDIUMGitea: Broken access control in OpenID visibility toggle enables cross-user visibility changesEPSS 0.3%CVE-2026-13964MEDIUMInsufficient policy enforcement in WebView in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to bypass navigationEPSS 0.3%CVE-2025-63409HIGHPrivilege escalation and improper access control in GCOM EPON 1GE C00R371V00B01 allows remote authenticated users to modify administrator onEPSS 0.3%