Falhas do tipo CWE-284
4.443 resultadosCVE-2026-46919CRITICALVulnerability in the Siebel CRM Cloud Applications product of Oracle Siebel CRM (component: Siebel Cloud Manager). Supported versions that EPSS 0.4%CVE-2025-25621MEDIUMUnifiedtransform 2.0 is vulnerable to Incorrect Access Control, which allows teachers to take attendance of fellow teachers. This affected eEPSS 0.4%CVE-2026-2666MEDIUMmingSoft MCMS Template Archive uploadTemplate.do unrestricted uploadEPSS 0.4%CVE-2025-4258MEDIUMzhangyanbo2007 youkefu MediaController.java upload unrestricted uploadEPSS 0.4%CVE-2024-41144MEDIUMMalicious remote can create/update/delete arbitrary posts in arbitrary channelsEPSS 0.4%CVE-2024-13240HIGHOpen Social - Moderately critical - Access bypass - SA-CONTRIB-2024-004EPSS 0.4%CVE-2026-22566HIGHAn Improper Access Control vulnerability could allow a malicious actor with access to the UniFi Play network to obtain UniFi Play WiFi credeEPSS 0.4%CVE-2019-9530—The web root directory of the Cobham EXPLORER 710, firmware version 1.07, has no access restrictions on downloading and reading all filesEPSS 0.4%CVE-2025-62720HIGHLinkAce: Data Exfiltration via Export Functions Allow Access to All Users' Private LinksEPSS 0.4%CVE-2026-45178HIGHIdira Secrets Manager Self-Hosted: Improper Access Control in Internal Cluster EndpointsEPSS 0.4%CVE-2021-37183MEDIUMA vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). The affected software allows sending send-to-EPSS 0.4%CVE-2025-12347MEDIUMMaxSite CMS save-file-ajax.php unrestricted uploadEPSS 0.4%CVE-2026-46932HIGHVulnerability in the Oracle Enterprise Asset Management product of Oracle E-Business Suite (component: Internal Operations). Supported versEPSS 0.4%CVE-2025-20190MEDIUMA vulnerability in the lobby ambassador web interface of Cisco IOS XE Wireless Controller Software could allow an authenticated, remote attaEPSS 0.4%CVE-2026-9495MEDIUMVersions of the package @koa/router from 14.0.0 and before 15.0.0 are vulnerable to Access Control Bypass due to the middleware being silentEPSS 0.4%CVE-2023-39731—The leakage of the client secret in Kaibutsunosato v13.6.1 allows attackers to obtain the channel access token and send crafted broadcast meEPSS 0.4%CVE-2025-12223MEDIUMBdtask Flight Booking Software Package Information package-information unrestricted uploadEPSS 0.4%CVE-2025-60784MEDIUMA vulnerability in the XiaozhangBang Voluntary Like System V8.8 allows remote attackers to manipulate the zhekou parameter in the /topfirst.EPSS 0.4%CVE-2024-1942MEDIUMMattermost versions 8.1.x before 8.1.9, 9.2.x before 9.2.5, and 9.3.0 fail to sanitize the metadata on posts containing permalinks under speEPSS 0.4%CVE-2022-36385MEDIUMContec Health CMS8000EPSS 0.4%