Flaws of type CWE-284

4410 results
CVE-2024-11211 [MEDIUM] EyouCMS Website Logo unrestricted upload; EPSS 0.6%
CVE-2023-46662 [HIGH] Improper Access Control in Sielco PolyEco1000; EPSS 0.6%
CVE-2025-3790 [MEDIUM] baseweb JSite Apache Druid Monitoring Console index.html access control; EPSS 0.6%
CVE-2025-1818 [MEDIUM] zj1983 zz ZfileAction.upload unrestricted upload; EPSS 0.6%
CVE-2025-24427 [MEDIUM] Adobe Commerce | Improper Access Control (CWE-284); EPSS 0.6%
CVE-2018-15395 [MEDIUM] Cisco Wireless LAN Controller Software Privilege Escalation Vulnerability; EPSS 0.6%
CVE-2024-29836 [CRITICAL] Broken Authentication on USER_CHANGE in Evolution Controller allows unauthenticated account creation and takeover; EPSS 0.6%
CVE-2023-47579 Relyum RELY-PCIe 22.2.1 devices suffer from a system group misconfiguration, allowing read access to the central password hash file of the o; EPSS 0.6%
CVE-2025-2991 [MEDIUM] Tenda FH1202 Web Management Interface AdvSetWrlmacfilter access control; EPSS 0.6%
CVE-2024-1230 [MEDIUM] SimpleShop <= 2.10.0 - Cross-Site Request Forgery; EPSS 0.6%
CVE-2024-25981 [MEDIUM] Msa-24-0004: forum export did not respect activity group settings; EPSS 0.6%
CVE-2024-25811 [MEDIUM] An access control issue in Dreamer CMS v4.0.1 allows attackers to download backup files and leak sensitive information.; EPSS 0.6%
CVE-2024-12984 [MEDIUM] Amcrest IP2M-841B Web Interface webCapsConfig information disclosure; EPSS 0.6%
CVE-2023-30582 [MEDIUM] A vulnerability has been identified in Node.js version 20, affecting users of the experimental permission model when the --allow-fs-read fla; EPSS 0.6%
CVE-2025-66956 [CRITICAL] Insecure Access Control in Contact Plan, E-Mail, SMS and Fax components in Asseco SEE Live 2.0 allows remote attackers to access and execute; EPSS 0.6%
CVE-2024-45133 [LOW] Adobe Commerce | Improper Access Control (CWE-284); EPSS 0.6%
CVE-2025-54391 [CRITICAL] A vulnerability in the EnableTwoFactorAuthRequest SOAP endpoint of Zimbra Collaboration (ZCS) allows an attacker with valid user credentials; EPSS 0.6%
CVE-2024-38371 [HIGH] Insufficient access control for OAuth2 Device Code flow in authentik; EPSS 0.6%
CVE-2023-50702 [HIGH] Sikka SSCWindowsService 5 2023-09-14 executes a program as LocalSystem but allows full control by low-privileged users (and low-privileged u; EPSS 0.6%
CVE-2025-29515 [CRITICAL] Incorrect access control in the DELT_file.xgi endpoint of D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 allows attackers to modi; EPSS 0.6%