CWE-284 vulnerabilities

4428 results
CVE-2026-46882 | CRITICAL | Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Enterprise Infrastructure Security). Supported | EPSS 0.5%
CVE-2022-21586 | MEDIUM | Vulnerability in the Oracle Banking Trade Finance product of Oracle Financial Services Applications (component: Infrastructure). The support | EPSS 0.5%
CVE-2025-1166 | MEDIUM | SourceCodester Food Menu Manager update.php unrestricted upload | EPSS 0.5%
CVE-2026-33318 | HIGH | Actual has Privilege Escalation via 'change-password' Endpoint on OpenID-Migrated Servers | EPSS 0.5%
CVE-2023-34106 | MEDIUM | GLPI vulnerable to unauthorized access to User data | EPSS 0.5%
CVE-2023-29130 | CRITICAL | A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.5). Affected device consists of improper access controls in the co | EPSS 0.5%
CVE-2023-34107 | MEDIUM | GLPI vulnerable to unauthorized access to KnowbaseItem data | EPSS 0.5%
CVE-2026-28838 | MEDIUM | A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, ma | EPSS 0.5%
CVE-2025-8379 | MEDIUM | Campcodes Online Hotel Reservation System edit_room.php unrestricted upload | EPSS 0.5%
CVE-2024-56330 | CRITICAL | Session VNC may be accessed by other sessions on the same host in stardust | EPSS 0.5%
CVE-2024-52514 | MEDIUM | Nextcloud Server allows users to copy folder that contain files that are blocked by the files access control | EPSS 0.5%
CVE-2024-13200 | MEDIUM | wander-chu SpringBoot-Blog HTTP POST Request BaseInterceptor.java preHandle access control | EPSS 0.5%
CVE-2024-10965 | MEDIUM | emqx neuron JSON File schema information disclosure | EPSS 0.5%
CVE-2023-39961 | LOW | Text does not respect "Allow download" permissions | EPSS 0.5%
CVE-2025-2280 | HIGH | Improper access control in web extension restriction feature in Devolutions Server 2024.3.4.0 and earlier allows an authenticated user to | EPSS 0.5%
CVE-2024-42023 | HIGH | An improper access control vulnerability allows low-privileged users to execute code with Administrator privileges remotely. | EPSS 0.5%
CVE-2025-4269 | MEDIUM | TOTOLINK A720R Log cstecgi.cgi access control | EPSS 0.5%
CVE-2024-33227 | HIGH | An issue in the component ddcdrv.sys of Nicomsoft WinI2C/DDC v3.7.4.0 allows attackers to escalate privileges and execute arbitrary code via | EPSS 0.5%
CVE-2024-13210 | MEDIUM | donglight bookstore电商书城系统说明 AdminBookController.java uploadPicture unrestricted upload | EPSS 0.5%
CVE-2024-3164 | MEDIUM | In dotCMS dashboard, the Tools and Log Files tabs under System → Maintenance Portlet, which is and always has been an Admin portlet, is acce | EPSS 0.5%