Fallos del tipo CWE-284

4448 resultados
CVE-2026-2009MEDIUMSourceCodester Gas Agency Management System createUser.php access controlEPSS 0.3%CVE-2026-13931MEDIUMInappropriate implementation in Media in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who had compromised the rEPSS 0.3%CVE-2026-42861HIGHFlowise: Mass Assignment in Variable Update Endpoint Allows Cross-Workspace Resource ReassignmentEPSS 0.3%CVE-2026-25229MEDIUMGogs Authorization Bypass Allows Cross-Repository Label ModificationEPSS 0.3%CVE-2024-44914MEDIUMAn issue in the component EXR!ReadEXR+0x3df50 of Irfanview v4.67.1.0 allows attackers to cause an access violation via a crafted EXR file. TEPSS 0.3%CVE-2023-23911An improper access control vulnerability exists prior to v6 that could allow an attacker to break the E2E encryption of a chat room by a useEPSS 0.3%CVE-2025-11655MEDIUMTotal.js Flow SVG File unrestricted uploadEPSS 0.3%CVE-2025-10741MEDIUMSelleo Mentingo Profile Picture unrestricted uploadEPSS 0.3%CVE-2026-11466MEDIUMzilliztech deep-searcher collection_router.py CollectionRouter.invoke access controlEPSS 0.3%CVE-2026-29872HIGHA cross-session information disclosure vulnerability exists in the awesome-llm-apps project in commit e46690f99c3f08be80a9877fab52acacf7ab82EPSS 0.3%CVE-2025-68949MEDIUMn8n has a Webhook Node IP Whitelist Bypass via Partial String MatchingEPSS 0.3%CVE-2026-35245HIGHVulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.EPSS 0.3%CVE-2025-66397HIGHChurchCRM's Kiosk Manager Functions are vulnerable to Broken Access ControlEPSS 0.3%CVE-2022-20762HIGHCisco Ultra Cloud Core - Subscriber Microservices Infrastructure Privilege Escalation VulnerabilityEPSS 0.3%CVE-2026-5779CRITICALMultiple vulnerabilities in MphRx's MinervaEPSS 0.3%CVE-2024-12306MEDIUMAccess Control Vulnerabilities Allow Unauthorized Access to User Profiles in UnifiedtransformEPSS 0.3%CVE-2025-65594HIGHOpenSIS 9.2 and below is vulnerable to Incorrect Access Control in Student.php, which allows an authenticated low-privilege user to perform EPSS 0.3%CVE-2026-32994MEDIUMThe /api/v1/autotranslate.translateMessage endpoint in versions <8.5.0, <8.4.2, <8.3.4, <8.2.4, <8.1.5, <8.0.6, <7.13.8, and <7.10.12 allowsEPSS 0.3%CVE-2025-13275MEDIUMIqbolshoh php-business-website about.php unrestricted uploadEPSS 0.3%CVE-2024-47145LOWUnauthorized access on archived channels via file linksEPSS 0.3%