Falhas do tipo CWE-284

4.443 resultados
CVE-2025-51532HIGHIncorrect access control in Sage DPW 2024_12_004 and earlier allows unauthorized attackers to access the built-in Database Monitor via a craEPSS 0.4%CVE-2025-30754MEDIUMVulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). EPSS 0.4%CVE-2025-62166HIGHFreshRSS has an IDOR which allows for viewing feeds of any user and leaking tokensEPSS 0.4%CVE-2025-60305HIGHSourceCodester Online Student Clearance System 1.0 is vulnerable to Incorrect Access Control. The application contains a logic flaw which alEPSS 0.4%CVE-2025-45237HIGHIncorrect access control in the component /config/download of DBSyncer v2.0.6 allows attackers to access the JSON file containing sensitive EPSS 0.4%CVE-2025-10427MEDIUMSourceCodester Pet Grooming Management Software user.php unrestricted uploadEPSS 0.4%CVE-2025-10428MEDIUMSourceCodester Pet Grooming Management Software Setting seo_setting.php unrestricted uploadEPSS 0.4%CVE-2025-3580MEDIUMAn access control vulnerability was discovered in Grafana OSS where an Organization administrator could permanently delete the Server adminiEPSS 0.4%CVE-2025-29315CRITICALAn issue in the Shiro-based RBAC (Role-based Access Control) mechanism of OpenDaylight Service Function Chaining (SFC) Subproject SFC SodiumEPSS 0.4%CVE-2026-22043MEDIUMRustFS has IAM deny_only Short-Circuit that Allows Privilege Escalation via Service Account MintingEPSS 0.4%CVE-2025-26010CRITICALTelesquare TLR-2005KSH 1.1.4 allows unauthorized password modification when requesting the admin.cgi parameter with setUserNamePassword.EPSS 0.4%CVE-2025-5840MEDIUMSourceCodester Client Database Management System user_update_customer_order.php unrestricted uploadEPSS 0.4%CVE-2025-1391MEDIUMKeycloak-services: improper authorization in keycloak organization mapper allows unauthorized organization claimsEPSS 0.4%CVE-2026-3025MEDIUMShuoRen Smart Heating Integrated Management Platform ExampleNodeService.asmx unrestricted uploadEPSS 0.4%CVE-2025-7939MEDIUMjerryshensjf JPACookieShop 蛋糕商城JPA版 GoodsController.java addGoods unrestricted uploadEPSS 0.4%CVE-2025-60427MEDIUMLibreTime 3.0.0-alpha.10 and possibly earlier is vulnerable to Broken Access Control, where a user with the DJ role can access analytics datEPSS 0.4%CVE-2026-30244HIGHPlane: Unauthenticated Workspace Member Information DisclosureEPSS 0.4%CVE-2025-12268MEDIUMLearnHouse Course Thumbnail courses unrestricted uploadEPSS 0.4%CVE-2025-8775MEDIUMQiyuesuo Eelectronic Signature Platform Scheduled Task upload execute unrestricted uploadEPSS 0.4%CVE-2024-9692MEDIUMImproper Access Control in Input in VIMESA VHF/FM Transmitter Blue PlusEPSS 0.4%