Falhas do tipo CWE-284

4.444 resultados
CVE-2025-5382MEDIUMImproper access control in users MFA feature in Devolutions Server 2025.1.7.0 and earlier allows a user with user management permission to rEPSS 0.3%CVE-2025-14642MEDIUMcode-projects Computer Laboratory System technical_staff_pic.php unrestricted uploadEPSS 0.3%CVE-2026-46939HIGHVulnerability in the Oracle Configure to Order product of Oracle E-Business Suite (component: Supply to Order Workbench). Supported versionEPSS 0.3%CVE-2025-58337MEDIUMApache Doris-MCP-Server: Improper Access Control results in bypassing a "read-only" mode for doris-mcp-server MCP ServerEPSS 0.3%CVE-2019-1866LOWCisco Webex Business Suite Host Header Value Integrity VulnerabilityEPSS 0.3%CVE-2025-30132CRITICALAn issue was discovered on IROAD Dashcam V devices. It uses an unregistered public domain name as an internal domain, creating a security riEPSS 0.3%CVE-2024-53494HIGHIncorrect access control in the preHandle function of SpringBootBlog v1.0.0 allows attackers to access sensitive components without authentiEPSS 0.3%CVE-2025-25950HIGHIncorrect access control in the component /rest/staffResource/update of Serosoft Solutions Pvt Ltd Academia Student Information System (SIS)EPSS 0.3%CVE-2025-4735MEDIUMCampcodes Sales and Inventory System product.php unrestricted uploadEPSS 0.3%CVE-2025-28104CRITICALIncorrect access control in laskBlog v2.6.1 allows attackers to access all usernames via a crafted input.EPSS 0.3%CVE-2023-45844HIGHThe vulnerability allows a low privileged user that have access to the device when locked in Kiosk mode to install an arbitrary Android applEPSS 0.3%CVE-2025-55240HIGHVisual Studio Elevation of Privilege VulnerabilityEPSS 0.3%CVE-2025-29421HIGHPerfreeBlog v4.0.11 has an arbitrary file read vulnerability in the getThemeFileContent function.EPSS 0.3%CVE-2025-49603CRITICALNorthern.tech Mender Server before 3.7.11 and 4.x before 4.0.1 has Incorrect Access Control.EPSS 0.3%CVE-2024-9003MEDIUMJinan Chicheng Company JFlow Attachment EntityMutliFile_Load.do AttachmentUploadController access controlEPSS 0.3%CVE-2025-8344MEDIUMopenviglet shio ShStaticFileAPI.java shStaticFileUpload unrestricted uploadEPSS 0.3%CVE-2025-7576MEDIUMTeledyne FLIR FB-Series O/FLIR FH-Series ID Production Tools production.html access controlEPSS 0.3%CVE-2021-3987MEDIUMImproper Access Control in janeczku/calibre-webEPSS 0.3%CVE-2019-1664HIGHCisco HyperFlex Software Unauthenticated Root Access VulnerabilityEPSS 0.3%CVE-2025-30140HIGHAn issue was discovered on G-Net Dashcam BB GONX devices. A Public Domain name is Used for the Internal Domain Name. It uses an unregisteredEPSS 0.3%