Fallos del tipo CWE-284

4454 resultados
CVE-2026-49198HIGHPredator Connect W6x: MQTT Broker Access ControlEPSS 0.2%CVE-2026-31950MEDIUMLibreChat's IDOR in SSE Stream Subscription Allows Reading Other Users' ChatsEPSS 0.2%CVE-2023-38005MEDIUMImproper Access Control and Exposure of Information Through Directory Listing vulnerabilities affect IBM Cloud Pak System[, ]EPSS 0.2%CVE-2026-40867HIGHHorilla: Unauthorized Helpdesk Attachment Access via Attachment ID ManipulationEPSS 0.2%CVE-2025-31269MEDIUMA permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.8, macOS Tahoe 26. An app may be ableEPSS 0.2%CVE-2026-44352MEDIUMFlowsint: Broken Access Control allows reading of sketch logs from any userEPSS 0.2%CVE-2026-4027HIGHFlexNet Manager Suite Attachment File DisclosureEPSS 0.2%CVE-2026-22033HIGHLabel Studio vulnerable to full account takeover by chaining Stored XSS + IDOR in User Profile via custom_hotkeys fieldEPSS 0.2%CVE-2026-40866HIGHHorilla: Unauthorized Document Overwrite via File Upload EndpointEPSS 0.2%CVE-2026-12212MEDIUMhcengineering Huly Platform RPC operations.ts getMailboxSecret access controlEPSS 0.2%CVE-2024-41308HIGHAn issue in the Ping feature of IT Solutions Enjay CRM OS v1.0 allows attackers to escape the restricted terminal environment and gain root-EPSS 0.2%CVE-2026-24668MEDIUMOpen eClass Broken Access Control Allows Students to Add Content to Course UnitsEPSS 0.2%CVE-2026-24670MEDIUMOpen eClass Has Broken Access Control in Course Units Module Allows Students to Create UnitsEPSS 0.2%CVE-2026-6313LOWInsufficient policy enforcement in CORS in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer EPSS 0.2%CVE-2022-34672HIGHNVIDIA Control Panel for Windows contains a vulnerability where an unauthorized user or an unprivileged regular user can compromise the secuEPSS 0.2%CVE-2024-41309HIGHAn issue in the Hardware info module of IT Solutions Enjay CRM OS v1.0 allows attackers to escape the restricted terminal environment and gaEPSS 0.2%CVE-2025-43241MEDIUMA permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS VenturEPSS 0.2%CVE-2026-7732MEDIUMcode-projects BloodBank Managing System request_blood.php unrestricted uploadEPSS 0.2%CVE-2025-9795MEDIUMxujeff tianti 天梯 UploadController.java ajaxUploadFile unrestricted uploadEPSS 0.2%CVE-2021-33162HIGHImproper access control in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware may allow an authentEPSS 0.2%