Fallos del tipo CWE-284
4445 resultadosCVE-2026-34291HIGHVulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.EPSS 0.3%CVE-2025-70614HIGHOpenCode Systems OC Messaging / USSD Gateway OC Release 6.32.2 contains a broken access control vulnerability in the web-based control panelEPSS 0.3%CVE-2026-46821HIGHVulnerability in the Oracle Financials Common Modules product of Oracle E-Business Suite (component: Common Components). Supported versionsEPSS 0.3%CVE-2026-46871MEDIUMVulnerability in the MySQL Shell product of Oracle MySQL (component: Shell for VS Code). The supported version that is affected is 2026.2.EPSS 0.3%CVE-2026-46818HIGHVulnerability in the Oracle Payments product of Oracle E-Business Suite (component: File Transmission). Supported versions that are affecteEPSS 0.3%CVE-2026-9445MEDIUMSourceCodester Simple POS and Inventory System File Extension addproduct.php unrestricted uploadEPSS 0.3%CVE-2026-34301MEDIUMVulnerability in the PeopleSoft Enterprise FIN Maintenance Management product of Oracle PeopleSoft (component: Work Order Management). TheEPSS 0.3%CVE-2025-14522MEDIUMbaowzh hfly upload_json.php unrestricted uploadEPSS 0.3%CVE-2026-46911CRITICALVulnerability in the JD Edwards EnterpriseOne Project Costing product of Oracle JD Edwards (component: Job Costing). The supported versionEPSS 0.3%CVE-2026-3111MEDIUMMultiple vulnerabilities on the Educativa CampusEPSS 0.3%CVE-2025-61879HIGHIn Infoblox NIOS through 9.0.7, a High-Privileged User Can Trigger an Arbitrary File Write via the Account Creation Mechanism.EPSS 0.3%CVE-2024-7553HIGHAccessing Untrusted Directory May Allow Local Privilege EscalationEPSS 0.3%CVE-2026-1079MEDIUMA native messaging host vulnerability in Pega Browser Extension (PBE) affects users of all versions of Pega Robotic Automation who have installed Pega Browser Extension.EPSS 0.3%CVE-2026-24896MEDIUMOpenEMR has Broken Access Control that allows unauthorized access to EDI LogsEPSS 0.3%CVE-2024-27819LOWThe issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 17.5 and iPadOS 17.5. An attacker withEPSS 0.3%CVE-2026-5960MEDIUMcode-projects Patient Record Management System SQL Database Backup File hcpms.sql information disclosureEPSS 0.3%CVE-2025-15404MEDIUMcampcodes School File Management System save_file.php unrestricted uploadEPSS 0.3%CVE-2026-8026MEDIUMFlowiseAI Flowise API Response account.service.ts login information disclosureEPSS 0.3%CVE-2024-31320HIGHIn setSkipPrompt of AssociationRequest.java , there is a possible way to establish a companion device association without any confirmation dEPSS 0.3%CVE-2026-5847MEDIUMcode-projects Movie Ticketing System SQL Database Backup File moviedb.sql information disclosureEPSS 0.3%