Falhas do tipo CWE-284

4.449 resultados
CVE-2026-5546MEDIUMCampcodes Complete Online Learning Management System Crud_model.php add_lesson unrestricted uploadEPSS 0.3%CVE-2023-24484MEDIUMA malicious user can cause log files to be written to a directory that they do not have permission to write to.EPSS 0.3%CVE-2026-24904MEDIUMTrustTunnel has `client_random_prefix` rule bypass via fragmented or partial TLS ClientHelloEPSS 0.3%CVE-2026-54400CRITICALA malicious actor with access to the network and high privileges could exploit an Improper Access Control vulnerability found in UniFi AccesEPSS 0.3%CVE-2025-48025MEDIUMIn Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1280, 1330, 1380, 1480, 1580, W920, W930, and W1000, there is an impropeEPSS 0.3%CVE-2025-57489HIGHIncorrect access control in the SDAgent component of Shirt Pocket SuperDuper! v3.10 allows attackers to escalate privileges to root due to tEPSS 0.3%CVE-2026-6489MEDIUMQueryMine sms Background Management addteacher.php unrestricted uploadEPSS 0.3%CVE-2026-13933MEDIUMInsufficient policy enforcement in Passwords in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the rendeEPSS 0.3%CVE-2026-26183HIGHRemote Access Management service/API (RPC server) Elevation of Privilege VulnerabilityEPSS 0.3%CVE-2026-32138HIGHNEXULEAN API Key LeakEPSS 0.3%CVE-2026-48928MEDIUMA inconsistency in Node.js hostname matching can cause a trust-policy bypass in multi-context mTLS setups. This vulnerability affects allEPSS 0.3%CVE-2025-7106MEDIUMAuthorization Bypass due to Incorrect Access Control in danny-avila/librechatEPSS 0.3%CVE-2025-53111MEDIUMGLPI exposes data to non-allowed usersEPSS 0.3%CVE-2023-21427MEDIUMImproper access control vulnerability in NfcTile prior to SMR Jan-2023 Release 1 allows to attacker to use NFC without user recognition.EPSS 0.3%CVE-2025-63214MEDIUMAn issue was discovered in bridgetech VBC Server & Element Manager, firmware version 6.5.0-10 , 6.5.0-9, allowing unauthorized attackers to EPSS 0.3%CVE-2025-64064HIGHPrimakon Pi Portal 1.0.18 /api/v2/pp_users endpoint fails to adequately check user permissions before processing a PATCH request to modify tEPSS 0.3%CVE-2025-7051HIGHN-central Syslog Configuration Insecure Direct Object ReferenceEPSS 0.3%CVE-2026-4026HIGHFlexNet Manager Suite Privilege Escalation VulnerabilityEPSS 0.3%CVE-2024-46948MEDIUMNorthern.tech Mender before 3.6.5 and 3.7.x before 3.7.5 has Incorrect Access Control.EPSS 0.3%CVE-2025-32790MEDIUMDify Allows Insecure User Role Access Control for APP DSL ExportingEPSS 0.3%