Falhas do tipo CWE-284

4.443 resultados
CVE-2025-66509HIGHLaraDashboard: 1-Click Pre-Auth RCE via Host Header + Module Installation ChainEPSS 0.4%CVE-2025-55368HIGHIncorrect access control in the component \controller\RoleController.java of jshERP v3.5 allows unauthorized attackers to arbitrarily modifyEPSS 0.4%CVE-2026-20736HIGHGitea Web Attachment Deletion: Cross-Repository Unauthorized Deletion via Missing Repo Ownership CheckEPSS 0.4%CVE-2025-9774MEDIUMRemoteClinic edit-patient.php information disclosureEPSS 0.4%CVE-2025-62721HIGHLinkAce: Authorization Bypass Allows Unauthorized Access to All Private Links, Lists, and TagsEPSS 0.4%CVE-2025-28201MEDIUMAn issue in Victure RX1800 EN_V1.0.0_r12_110933 allows physically proximate attackers to execute arbitrary code or gain root access.EPSS 0.4%CVE-2026-47261HIGHWasmtime: WASI path_open(TRUNCATE) bypasses `FilePerms::WRITE` host restrictionEPSS 0.4%CVE-2025-20219MEDIUMCisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software Access Control Bypass VulnerabilityEPSS 0.4%CVE-2025-4291MEDIUMIdeaCMS saveUpload unrestricted uploadEPSS 0.4%CVE-2026-1061MEDIUMxiweicheng TMS FileController.java upload unrestricted uploadEPSS 0.4%CVE-2025-12346MEDIUMMaxSite CMS HTTP Header uploads-require-maxsite.php unrestricted uploadEPSS 0.4%CVE-2026-7468MEDIUM1024-lab smart-admin Demo Site index.html access controlEPSS 0.4%CVE-2026-21255HIGHWindows Hyper-V Security Feature Bypass VulnerabilityEPSS 0.4%CVE-2025-62474HIGHWindows Remote Access Connection Manager Elevation of Privilege VulnerabilityEPSS 0.4%CVE-2025-65176HIGHAn issue was discovered in Dynatrace OneAgent before 1.325.47. When attempting to access a remote network share from a machine where OneAgenEPSS 0.4%CVE-2025-3256MEDIUMxujiangfei admintwo updateSet access controlEPSS 0.4%CVE-2025-64110HIGHCursor: Authentication Bypass Possible via New Cursorignore WriteEPSS 0.4%CVE-2023-45228MEDIUMSielco Radio Link and Analog FM Transmitters Improper Access ControlEPSS 0.4%CVE-2026-35185HIGHHAX CMS's public /server-status endpoint exposes authentication tokens, user activity, and client IP addressesEPSS 0.4%CVE-2025-61748LOWVulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: LibrariEPSS 0.4%