CWE-284 flaws

4429 results
CVE-2025-2280 (HIGH, EPSS 0.5%): Improper access control in web extension restriction feature in Devolutions Server 2024.3.4.0 and earlier allows an authenticated user to
CVE-2026-2668 (MEDIUM, EPSS 0.5%): Rongzhitong Visual Integrated Command and Dispatch Platform User add access control
CVE-2025-2973 (MEDIUM, EPSS 0.5%): code-projects College Management System student.php unrestricted upload
CVE-2019-10166 (HIGH, EPSS 0.5%): It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, would permit readonly clients to use the virDomainMana
CVE-2024-3164 (MEDIUM, EPSS 0.5%): In dotCMS dashboard, the Tools and Log Files tabs under System → Maintenance Portlet, which is and always has been an Admin portlet, is acce
CVE-2024-13210 (MEDIUM, EPSS 0.5%): donglight bookstore电商书城系统说明 AdminBookController.java uploadPicture unrestricted upload
CVE-2026-28876 (HIGH, EPSS 0.5%): A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in iOS 18.7.7 and iPadOS
CVE-2024-47910 (HIGH, EPSS 0.5%): An issue was discovered in SonarSource SonarQube before 9.9.5 LTA and 10.x before 10.5. A SonarQube user with the Administrator role can mod
CVE-2023-40730 (HIGH, EPSS 0.5%): A vulnerability has been identified in QMS Automotive (All versions < V12.39). The QMS.Mobile module of the affected application lacks suffi
CVE-2024-39376 (CRITICAL, EPSS 0.5%): Improper Access Control In TELSAT MarKoni FM Transmitter
CVE-2025-24429 (LOW, EPSS 0.5%): Adobe Commerce | Improper Access Control (CWE-284)
CVE-2023-7055 (MEDIUM, EPSS 0.5%): PHPGurukul Online Notes Sharing System Contact Information profile.php access control
CVE-2024-5814 (MEDIUM, EPSS 0.5%): Unverified Ciphersuite used on a client-side TLS1.3 Downgrade
CVE-2024-21653 (MEDIUM, EPSS 0.5%): vantage6 insecure SSH configuration for node and server containers
CVE-2025-6443 (HIGH, EPSS 0.5%): Mikrotik RouterOS VXLAN Source IP Improper Access Control Vulnerability
CVE-2022-4810 (MEDIUM, EPSS 0.5%): Improper Access Control in usememos/memos
CVE-2021-44465 (MEDIUM, EPSS 0.5%): Improper access control in Odoo Community 13.0 and earlier and Odoo Enterprise 13.0 and earlier allows authenticated attackers to subscribe
CVE-2025-24193 (LOW, EPSS 0.5%): This issue was addressed with improved authentication. This issue is fixed in iOS 18.4 and iPadOS 18.4. An attacker with a USB-C connection
CVE-2020-22655 (HIGH, EPSS 0.5%): In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus
CVE-2024-10353 (MEDIUM, EPSS 0.5%): SourceCodester Online Exam System admin-dashboard access control