Falhas do tipo CWE-284

4.436 resultados
CVE-2025-31484CRITICALconda-forge infrastructure uses a bad token for Azure's cf-staging accessEPSS 0.4%CVE-2026-35262HIGHVulnerability in the Oracle Data Integrator product of Oracle Fusion Middleware (component: Market Place). Supported versions that are affeEPSS 0.4%CVE-2026-45746CRITICALTermix Vulnerable to Arbitrary Command Execution via Session HijackingEPSS 0.4%CVE-2026-0653HIGHInsecure Access Control on TP-Link Tapo D235 and C260EPSS 0.4%CVE-2026-32737HIGHRomeo's invalid NetworkPolicy enables a malicious actor to pivot into another namespaceEPSS 0.4%CVE-2025-30714MEDIUMVulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/Python). Supported versions that are affected are 9.0.0EPSS 0.4%CVE-2026-5261MEDIUMShandong Hoteam InforCenter PLM BaseHandler.ashx uploadFileToIIS unrestricted uploadEPSS 0.4%CVE-2026-24740HIGHDozzle Agent Label-Based Access Control Bypass Allows Unauthorized Container Shell AccessEPSS 0.4%CVE-2026-58282HIGHMicrosoft Edge (Chromium-based) Spoofing VulnerabilityEPSS 0.4%CVE-2026-58286HIGHMicrosoft Edge (Chromium-based) Spoofing VulnerabilityEPSS 0.4%CVE-2022-34453HIGH Dell XtremIO X2 XMS versions prior to 6-4-1.11 contain an improper access control vulnerability. A remote read only user could potentially EPSS 0.4%CVE-2025-5406MEDIUMchaitak-gorai Blogbook posts.php unrestricted uploadEPSS 0.4%CVE-2025-49707HIGHAzure Virtual Machines Spoofing VulnerabilityEPSS 0.4%CVE-2025-10083MEDIUMSourceCodester Pet Grooming Management Software profile.php unrestricted uploadEPSS 0.4%CVE-2022-45929HIGHNorthern.tech Mender 3.3.x before 3.3.2, 3.5.x before 3.5.0, and 3.6.x before 3.6.0 has Incorrect Access Control and allows users to change EPSS 0.4%CVE-2026-6492MEDIUMarnobt78 Hotel Booking Management System Health Check Endpoint detailed information disclosureEPSS 0.4%CVE-2022-38655MEDIUMHCL BigFix WebUI is affected by a missing-permission-check vulnerabilityEPSS 0.4%CVE-2026-30966CRITICALParse Server role escalation and CLP bypass via direct `_Join` table writeEPSS 0.4%CVE-2025-14530MEDIUMSourceCodester Real Estate Property Listing App property.php unrestricted uploadEPSS 0.4%CVE-2025-51054MEDIUMVedo Suite 2024.17 is vulnerable to Incorrect Access Control, which allows remote attackers to obtain a valid high privilege JWT token withoEPSS 0.4%