Falhas do tipo CWE-284
4.445 resultadosCVE-2025-15009MEDIUMliweiyi ChestnutCMS Filename upload FilenameUtils.getExtension unrestricted uploadEPSS 0.3%CVE-2025-56219HIGHIncorrect access control in SigningHub v8.6.8 allows attackers to arbitrarily add user accounts without any rate limiting. This can lead to EPSS 0.3%CVE-2026-5122MEDIUMosrg GoBGP BGP OPEN Message bgp.go DecodeFromBytes access controlEPSS 0.3%CVE-2025-4310MEDIUMitsourcecode Content Management System add_topic.php unrestricted uploadEPSS 0.3%CVE-2025-29556HIGHExaGrid EX10 6.3 - 7.0.1.P08 is vulnerable to Incorrect Access Control. Since version 6.3, ExaGrid enforces restrictions preventing users wiEPSS 0.3%CVE-2026-49002CRITICALBroken Access Control Vulnerabily in ZTE ZXUniPOS NDS-LTE productEPSS 0.3%CVE-2025-4006MEDIUMyouyiio BeyongCms Document Management Page Upload.html unrestricted uploadEPSS 0.3%CVE-2026-9421MEDIUMKLiK SocialMediaWebsite File upload.inc.php uniqid unrestricted uploadEPSS 0.3%CVE-2026-8033MEDIUMPicoTronica e-Clinic Healthcare System ECHS Response Header v2 information disclosureEPSS 0.3%CVE-2026-5601MEDIUMAcrel Electrical Prepaid Cloud Platform Backup File bin.rar information disclosureEPSS 0.3%CVE-2025-15197MEDIUMcode-projects/anirbandutta9 Content Management System/News-Buzz editposts.php unrestricted uploadEPSS 0.3%CVE-2025-15262MEDIUMBiggiDroid Simple PHP CMS Site Logo edit.php unrestricted uploadEPSS 0.3%CVE-2026-5863HIGHInappropriate implementation in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandEPSS 0.3%CVE-2026-48904HIGHJoomla! Core - [20260514] - Privilege escalation through com_users webservice endpointsEPSS 0.3%CVE-2026-0844HIGHSimple User Registration <= 6.7 - Authenticated (Subscriber+) Privilege Escalation via profile_save_fieldEPSS 0.3%CVE-2026-41102HIGHMicrosoft PowerPoint for Android Spoofing VulnerabilityEPSS 0.3%CVE-2026-11458MEDIUMerzhongxmu JeeWMS Boot Actuator Endpoint actuator information disclosureEPSS 0.3%CVE-2026-41160MEDIUMEspoCRM: Broken Access Control / IDOR in Note Pinning API allows unauthorized modification of notesEPSS 0.3%CVE-2025-55895CRITICALTOTOLINK A3300R V17.0.0cu.557_B20221024 and N200RE V9.3.5u.6448_B20240521 and V9.3.5u.6437_B20230519 are vulnerable to Incorrect Access ContEPSS 0.3%CVE-2026-41101HIGHMicrosoft Word for Android Spoofing VulnerabilityEPSS 0.3%