Vulnerabilities of type CWE-284
4409 results

| CVE | Severity | Description | EPSS |
|---|---|---|---|
| CVE-2024-11214 | MEDIUM | SourceCodester Best Employee Management System profile.php unrestricted upload | 0.6% |
| CVE-2024-37289 | HIGH | An improper access control vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installatio | 0.6% |
| CVE-2024-0358 | MEDIUM | DeShang DSO2O install.php access control | 0.6% |
| CVE-2023-30539 | MEDIUM | Users can set up workflows using restricted and invisible system tags in Nextcloud | 0.6% |
| CVE-2023-21849 | HIGH | Vulnerability in the Oracle Applications DBA product of Oracle E-Business Suite (component: Java utils). Supported versions that are affect | 0.6% |
| CVE-2025-1606 | MEDIUM | SourceCodester Best Employee Management System backups.php information disclosure | 0.6% |
| CVE-2024-45118 | MEDIUM | Adobe Commerce \| Improper Access Control (CWE-284) | 0.6% |
| CVE-2025-26616 | CRITICAL | Path Traversal endpoint 'exportar_dump.php' parameter 'file' in WeGIA | 0.6% |
| CVE-2023-5240 | — | Improper access control in PAM propagation scripts in Devolutions Server 2023.2.8.0 and earlier allows an attack with permission to manage PA | 0.6% |
| CVE-2024-21247 | LOW | Vulnerability in the MySQL Client product of Oracle MySQL (component: Client: mysqldump). Supported versions that are affected are 8.0.39 a | 0.6% |
| CVE-2024-57032 | CRITICAL | WeGIA < 3.2.0 is vulnerable to Incorrect Access Control in controle/control.php. The application does not validate the value of the old pass | 0.6% |
| CVE-2021-45074 | MEDIUM | JFrog Artifactory before 7.29.3 and 6.23.38, is vulnerable to Broken Access Control, a low-privileged user is able to delete other known use | 0.6% |
| CVE-2024-21074 | HIGH | Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: Finance LOV). Supported versions that are affec | 0.6% |
| CVE-2022-28173 | CRITICAL | The web server of some Hikvision wireless bridge products have an access control vulnerability which can be used to obtain the admin permiss | 0.6% |
| CVE-2023-36889 | MEDIUM | Windows Group Policy Security Feature Bypass Vulnerability | 0.6% |
| CVE-2024-42480 | HIGH | Kamaji's RBAC Roles for `etcd` are not disjunct | 0.6% |
| CVE-2023-0811 | CRITICAL | Omron CJ1M unit v4.0 and prior has improper access controls on the memory region where the UM password is stored. If an adversary issues a | 0.6% |
| CVE-2022-2052 | CRITICAL | TRUMPF TruTops default user accounts vulnerability | 0.6% |
| CVE-2022-46892 | CRITICAL | In Ampere AltraMax and Ampere Altra before 2.10c, improper access controls allows the OS to reinitialize a disabled root complex. | 0.6% |
| CVE-2022-43977 | CRITICAL | An issue was discovered on GE Grid Solutions MS3000 devices before 3.7.6.25p0_3.2.2.17p0_4.7p0. The debug port accessible via TCP (a qconn s | 0.6% |