Vulnerabilities of type CWE-284
4428 results

CVE-2023-6202 (MEDIUM, EPSS 0.4%): Insecure Direct Object Reference in /plugins/focalboard/api/v2/users of Mattermost Boards
CVE-2025-9941 (MEDIUM, EPSS 0.4%): CodeAstro Real Estate Management System register.php unrestricted upload
CVE-2024-27602 (CRITICAL, EPSS 0.4%): Alldata V0.4.6 is vulnerable to Incorrect Access Control. A total of many modules interface documents have been leaked. For example, the /api
CVE-2024-39414 (MEDIUM, EPSS 0.4%): Being able to import/export tax rates without proper privileges
CVE-2025-49591 (HIGH, EPSS 0.4%): CryptPad 2FA Bypass Vulnerability
CVE-2024-42048 (MEDIUM, EPSS 0.4%): OpenOrange Business Framework version 1.15.5 installs to a directory with overly permissive access control, allowing all authenticated users
CVE-2025-3558 (MEDIUM, EPSS 0.4%): ghostxbh uzy-ssm-mall uploadUserHeadImage unrestricted upload
CVE-2025-27207 (MEDIUM, EPSS 0.4%): Adobe Commerce | Improper Access Control (CWE-284)
CVE-2025-45611 (CRITICAL, EPSS 0.4%): Incorrect access control in the /user/edit/ component of hope-boot v1.0.0 allows attackers to bypass authentication via a crafted GET reques
CVE-2024-46610 (HIGH, EPSS 0.4%): An access control issue in IceCMS v3.4.7 and before allows attackers to arbitrarily modify users' information, including username and passwo
CVE-2019-16640 (HIGH, EPSS 0.4%): An issue was found in upload.php on the Ruijie EG-2000 series gateway. A parameter passed to the class UploadFile is mishandled (%00 and /va
CVE-2024-37155 (MEDIUM, EPSS 0.4%): OpenCTI May Bypass Introspection Restriction
CVE-2023-46663 (HIGH, EPSS 0.4%): Improper Access Control in Sielco PolyEco1000
CVE-2021-1284 (HIGH, EPSS 0.4%): Cisco SD-WAN vManage Software Authentication Bypass Vulnerability
CVE-2022-44622 (LOW, EPSS 0.4%): In JetBrains TeamCity version between 2021.2 and 2022.10 access permissions for secure token health items were excessive
CVE-2026-46855 (CRITICAL, EPSS 0.4%): Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Metadata Plugin). Supported v
CVE-2026-2734 (MEDIUM, EPSS 0.4%): Authorization Bypass in SearchModelVersions in mlflow/mlflow
CVE-2024-22811 (HIGH, EPSS 0.4%): An issue in Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 allows attackers to cause a Denial of Service (DoS) by disrupting the com
CVE-2025-10847 (HIGH, EPSS 0.4%): DX UIM Probe Improper ACL Handling RCE
CVE-2025-63667 (HIGH, EPSS 0.4%): Incorrect access control in SIMICAM v1.16.41-20250725, KEVIEW v1.14.92-20241120, ASECAM v1.14.10-20240725 allows attackers to access sensiti