Fallos del tipo CWE-284

4451 resultados
CVE-2025-69221MEDIUMLibreChat has Insufficient Access Control for Agent Permission QueriesEPSS 0.2%CVE-2023-6259HIGHLocal Access to Sensitive Data in Brivo ACS100 and ACS300 EPSS 0.2%CVE-2025-67715MEDIUMWeblate has Systematic User and Project Enumeration via Broken Authorization in REST API (IDOR)EPSS 0.2%CVE-2026-44957MEDIUMA missing access control check when invoking various modify methods in the XML‑RPC API of Revive Adserver 6.0.6 and earlier. The API allowedEPSS 0.2%CVE-2024-5331MEDIUMBreakdance <= 1.7.2 - Missing AuthorizationEPSS 0.2%CVE-2022-32904MEDIUMAn access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, macOS MonteEPSS 0.2%CVE-2026-45707HIGHn8n-MCP: Multi-tenant MCP requests fall back to process-level n8n credentials when tenant headers are absent or incompleteEPSS 0.2%CVE-2026-40904HIGHChartbrew: Incorrect Access Control in dataset and dataRequest routes via team-scoped permission checksEPSS 0.2%CVE-2024-0374MEDIUMViews for WPForms <= 3.2.2 - Cross-Site Request Forgery via create_viewEPSS 0.2%CVE-2025-60354HIGHUnauthorized modification of arbitrary articles vulnerability exists in blog-vue-springboot.EPSS 0.2%CVE-2024-0373MEDIUMViews for WPForms <= 3.2.2 - Cross-Site Request Forgery via save_viewEPSS 0.2%CVE-2025-2557MEDIUMAudi UTR Dashcam Command API access controlEPSS 0.2%CVE-2025-54343CRITICALAn Incorrect Access Control vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 exploitEPSS 0.2%CVE-2026-41270HIGHFlowise: SSRF Protection Bypass via Unprotected Built-in HTTP Modules in Custom Function SandboxEPSS 0.2%CVE-2026-48899MEDIUMJoomla! Core - [20260515] - Incorrect Access Control in sample data pluginsEPSS 0.2%CVE-2025-12344MEDIUMYonyou U8 Cloud Request Header NCloudGatewayServlet unrestricted uploadEPSS 0.2%CVE-2026-14034MEDIUMInappropriate implementation in WebXR in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to bypass navigation restEPSS 0.2%CVE-2026-42177MEDIUMlinux-entra-sso: PRT SSO cookie can leak to attacker-controlled hosts when broad host permissions are grantedEPSS 0.2%CVE-2024-36293MEDIUMImproper access control in the EDECCSSA user leaf function for some Intel(R) Processors with Intel(R) SGX may allow an authenticated user toEPSS 0.2%CVE-2025-24885HIGHpwn.college has a XSS on dojo pagesEPSS 0.2%