Falhas do tipo CWE-284

4.457 resultados
CVE-2026-24711MEDIUMNorthern.tech CFEngine Enterprise before 3.21.8, 3.24.3, and 3.27.0 has Incorrect Access Control.EPSS 0.2%CVE-2025-43534MEDIUMA path handling issue was addressed with improved validation. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.2 and iPadOS 26.2.EPSS 0.2%CVE-2026-48617LOWA flaw in Node.js Permission Model enforcement allows Bypass via `process.report.writeReport()` Path Misvalidation. This can lead to confideEPSS 0.2%CVE-2026-56302MEDIUMCapgo - Unsecured Supabase Images Bucket via Missing Row Level SecurityEPSS 0.2%CVE-2026-31950MEDIUMLibreChat's IDOR in SSE Stream Subscription Allows Reading Other Users' ChatsEPSS 0.2%CVE-2026-24670MEDIUMOpen eClass Has Broken Access Control in Course Units Module Allows Students to Create UnitsEPSS 0.2%CVE-2026-24668MEDIUMOpen eClass Broken Access Control Allows Students to Add Content to Course UnitsEPSS 0.2%CVE-2024-41309HIGHAn issue in the Hardware info module of IT Solutions Enjay CRM OS v1.0 allows attackers to escape the restricted terminal environment and gaEPSS 0.2%CVE-2026-4027HIGHFlexNet Manager Suite Attachment File DisclosureEPSS 0.2%CVE-2024-41308HIGHAn issue in the Ping feature of IT Solutions Enjay CRM OS v1.0 allows attackers to escape the restricted terminal environment and gain root-EPSS 0.2%CVE-2025-31269MEDIUMA permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.8, macOS Tahoe 26. An app may be ableEPSS 0.2%CVE-2022-34672HIGHNVIDIA Control Panel for Windows contains a vulnerability where an unauthorized user or an unprivileged regular user can compromise the secuEPSS 0.2%CVE-2026-44352MEDIUMFlowsint: Broken Access Control allows reading of sketch logs from any userEPSS 0.2%CVE-2026-40867HIGHHorilla: Unauthorized Helpdesk Attachment Access via Attachment ID ManipulationEPSS 0.2%CVE-2026-40866HIGHHorilla: Unauthorized Document Overwrite via File Upload EndpointEPSS 0.2%CVE-2026-22033HIGHLabel Studio vulnerable to full account takeover by chaining Stored XSS + IDOR in User Profile via custom_hotkeys fieldEPSS 0.2%CVE-2023-38005MEDIUMImproper Access Control and Exposure of Information Through Directory Listing vulnerabilities affect IBM Cloud Pak System[, ]EPSS 0.2%CVE-2025-43241MEDIUMA permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS VenturEPSS 0.2%CVE-2026-12212MEDIUMhcengineering Huly Platform RPC operations.ts getMailboxSecret access controlEPSS 0.2%CVE-2026-6313LOWInsufficient policy enforcement in CORS in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer EPSS 0.2%