Fallos del tipo CWE-284
4457 resultadosCVE-2026-34283MEDIUMVulnerability in the Oracle Identity Manager product of Oracle Fusion Middleware (component: Identity Console). Supported versions that areEPSS 0.2%CVE-2022-20358HIGHIn startSync of AbstractThreadedSyncAdapter.java, there is a possible way to access protected content of content providers due to a missing EPSS 0.2%CVE-2023-42542LOWImproper access control vulnerability in Samsung Push Service prior to 3.4.10 allows local attackers to get register ID to identify the deviEPSS 0.2%CVE-2026-11302MEDIUMInsufficient policy enforcement in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to bypass discretEPSS 0.2%CVE-2025-43498MEDIUMAn authorization issue was addressed with improved state management. This issue is fixed in iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, EPSS 0.2%CVE-2025-64400MEDIUMInsufficient permission checks when pre-enrolling users SummaryEPSS 0.2%CVE-2026-34284MEDIUMVulnerability in the Oracle Business Process Management Suite product of Oracle Fusion Middleware (component: Human workflow 11g+). SupportEPSS 0.2%CVE-2026-34274MEDIUMVulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: User Interface). Supported versions that are affectEPSS 0.2%CVE-2022-36864MEDIUMImproper access control and intent redirection in Samsung Email prior to 6.1.70.20 allows attacker to access specific formatted file and exeEPSS 0.2%CVE-2025-43337MEDIUMAn access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.7.2, macOS Tahoe 26. An app may EPSS 0.2%CVE-2023-2112LOWDesktop component allows lateral movement between sessionsEPSS 0.2%CVE-2022-41690HIGHImproper access control in the Intel(R) Retail Edge Mobile iOS application before version 3.4.7 may allow an authenticated user to potentialEPSS 0.2%CVE-2025-63562MEDIUMSummer Pearl Group Vacation Rental Management Platform prior to v1.0.2 suffers from insufficient server-side authorization. Authenticated atEPSS 0.2%CVE-2025-54561MEDIUMAn Incorrect Access Control vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which aEPSS 0.2%CVE-2025-24516MEDIUMImproper access control for some Intel(R) CIP software before version WIN_DCA_2.4.0.11001 within Ring 3: User Applications may allow an infoEPSS 0.2%CVE-2025-43369MEDIUMThis issue was addressed with improved handling of symlinks. This issue is fixed in macOS Tahoe 26. An app may be able to access protected uEPSS 0.2%CVE-2024-49600HIGHDell Power Manager (DPM), versions prior to 3.17, contain an improper access control vulnerability. A low privileged attacker with local accEPSS 0.2%CVE-2022-41784HIGHImproper access control in kernel mode driver for the Intel(R) OFU software before version 14.1.30 may allow an authenticated user to potentEPSS 0.2%CVE-2023-28715MEDIUMImproper access control in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.2 may allow an authenticated usEPSS 0.2%CVE-2026-41243MEDIUMOpenLearn's pending forum posts remain publicly readable by direct ID when moderation mode is enabledEPSS 0.2%