Fallos del tipo CWE-284

4447 resultados
CVE-2021-34724MEDIUMCisco IOS XE SD-WAN Software Privilege Escalation VulnerabilityEPSS 0.3%CVE-2026-31834HIGHUmbraco Affected by Vertical Privilege Escalation via Missing Authorization ChecksEPSS 0.3%CVE-2026-5546MEDIUMCampcodes Complete Online Learning Management System Crud_model.php add_lesson unrestricted uploadEPSS 0.3%CVE-2025-25585HIGHIncorrect access control in the component /config/WebSecurityConfig.java of yimioa before v2024.07.04 allows unauthorized attackers to arbitEPSS 0.3%CVE-2025-53111MEDIUMGLPI exposes data to non-allowed usersEPSS 0.3%CVE-2026-48928MEDIUMA inconsistency in Node.js hostname matching can cause a trust-policy bypass in multi-context mTLS setups. This vulnerability affects allEPSS 0.3%CVE-2023-21427MEDIUMImproper access control vulnerability in NfcTile prior to SMR Jan-2023 Release 1 allows to attacker to use NFC without user recognition.EPSS 0.3%CVE-2026-26183HIGHRemote Access Management service/API (RPC server) Elevation of Privilege VulnerabilityEPSS 0.3%CVE-2026-13933MEDIUMInsufficient policy enforcement in Passwords in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the rendeEPSS 0.3%CVE-2026-32138HIGHNEXULEAN API Key LeakEPSS 0.3%CVE-2025-63214MEDIUMAn issue was discovered in bridgetech VBC Server & Element Manager, firmware version 6.5.0-10 , 6.5.0-9, allowing unauthorized attackers to EPSS 0.3%CVE-2025-7106MEDIUMAuthorization Bypass due to Incorrect Access Control in danny-avila/librechatEPSS 0.3%CVE-2023-27879MEDIUMImproper access control in firmware for some Intel(R) Optane(TM) SSD products may allow an unauthenticated user to potentially enable informEPSS 0.3%CVE-2026-4026HIGHFlexNet Manager Suite Privilege Escalation VulnerabilityEPSS 0.3%CVE-2024-46948MEDIUMNorthern.tech Mender before 3.6.5 and 3.7.x before 3.7.5 has Incorrect Access Control.EPSS 0.3%CVE-2025-7051HIGHN-central Syslog Configuration Insecure Direct Object ReferenceEPSS 0.3%CVE-2025-64064HIGHPrimakon Pi Portal 1.0.18 /api/v2/pp_users endpoint fails to adequately check user permissions before processing a PATCH request to modify tEPSS 0.3%CVE-2023-23911An improper access control vulnerability exists prior to v6 that could allow an attacker to break the E2E encryption of a chat room by a useEPSS 0.3%CVE-2026-27624HIGHCoturn: IPv4-mapped IPv6 (::ffff:0:0/96) bypasses denied-peer-ip ACLEPSS 0.3%CVE-2026-25229MEDIUMGogs Authorization Bypass Allows Cross-Repository Label ModificationEPSS 0.3%