Fallos del tipo CWE-284
4449 resultadosCVE-2026-28833MEDIUMA permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS EPSS 0.2%CVE-2025-70363HIGHIncorrect access control in the REST API of Ibexa & Ciril GROUP eZ Platform / Ciril Platform 2.x allows unauthenticated attackers to access EPSS 0.2%CVE-2025-32790MEDIUMDify Allows Insecure User Role Access Control for APP DSL ExportingEPSS 0.2%CVE-2023-24215CRITICALIncorrect access control in the /uci/get/ endpoint of NOVUS AirGate 4G firmware v1.1.16 allows unauthenticated attackers to obtain administrEPSS 0.2%CVE-2026-44478HIGHhoppscotch: Unauthenticated Onboarding Config Disclosure via Empty Recovery TokenEPSS 0.2%CVE-2024-28115HIGHPrivilege Escalation in FreeRTOS Kernel ARMv7-M MPU ports and ARMv8-M ports with MPU support enabledEPSS 0.2%CVE-2024-46539HIGHInsecure permissions in the Bluetooth Low Energy (BLE) component of Fire-Boltt Artillery Smart Watch NJ-R6E-10.3 allow attackers to cause a EPSS 0.2%CVE-2025-10755MEDIUMSelleo Mentingo Content-Type unrestricted uploadEPSS 0.2%CVE-2026-44341MEDIUMGoJobs: Insecure Direct Object Reference (IDOR) in Job Retrieval EndpointEPSS 0.2%CVE-2022-28778MEDIUMImproper access control vulnerability in Samsung Security Supporter prior to version 1.2.40.0 allows attacker to set the arbitrary folder asEPSS 0.2%CVE-2026-2206MEDIUMWeKan Administrative Repair fixDuplicateLists.js FixDuplicateBleed access controlEPSS 0.2%CVE-2025-10669MEDIUMAirsonic-Advanced Playlist Upload unrestricted uploadEPSS 0.2%CVE-2026-47279MEDIUMNocoDB: Hidden LTAR Column Exposure in Public Shared-View Relation EndpointsEPSS 0.2%CVE-2026-49161HIGHMicrosoft PC Manager Security Feature Bypass VulnerabilityEPSS 0.2%CVE-2021-22907—An improper access control vulnerability exists in Citrix Workspace App for Windows potentially allows privilege escalation in CR versions pEPSS 0.2%CVE-2023-20237MEDIUMA vulnerability in Cisco Intersight Virtual Appliance could allow an unauthenticated, adjacent attacker to access internal HTTP services thaEPSS 0.2%CVE-2025-24857HIGHImproper access control for volatile memory containing boot code in Universal Boot Loader (U-Boot) before 2017.11 and Qualcomm chips IPQ4019EPSS 0.2%CVE-2025-66223HIGHOpenObserve's Invite Token Lifecycle MisconfigurationEPSS 0.2%CVE-2025-27215HIGHAn Improper Access Control could allow a malicious actor authenticated in the API of certain UniFi Connect Display Cast devices to make unsuEPSS 0.2%CVE-2025-47220MEDIUMA local file enumeration was found in Keyfactor SignServer versions prior to 7.3.2 .The property VISIBLE_SIGNATURE_CUSTOM_IMAGE_PATH, which EPSS 0.2%