Falhas do tipo CWE-284

4.457 resultados
CVE-2024-1898LOWImproper access control in the notification feature in Devolutions Server 2023.3.14.0 and earlier allows a low privileged user to change notEPSS 0.2%CVE-2026-25702HIGHnftables disabled due to incorrect kernel backportEPSS 0.2%CVE-2024-57336MEDIUMIncorrect access control in M2Soft CROWNIX Report & ERS affected v7.x to v7.4.3.599 and v8.x to v8.0.3.79 allows unauthorized attackers to oEPSS 0.2%CVE-2026-4628MEDIUMKeycloak: org.keycloak.authorization: keycloak: unauthorized resource modification due to improper access controlEPSS 0.2%CVE-2026-45266LOWNextcloud: Unauthorized force-mute from missing permission check when using internal signalingEPSS 0.2%CVE-2025-43270HIGHAn access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS VeEPSS 0.2%CVE-2025-43291MEDIUMA permissions issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS TahoeEPSS 0.2%CVE-2025-15152MEDIUMh-moses moga-mall PmsProductController.java addProduct unrestricted uploadEPSS 0.2%CVE-2023-22014HIGHVulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Supported versions that are affectEPSS 0.2%CVE-2026-2850MEDIUMyeqifu warehouse Customer Endpoint CustomerController.java deleteCustomer access controlEPSS 0.2%CVE-2026-34324MEDIUMVulnerability in the Oracle Life Sciences InForm product of Oracle Life Science Applications (component: App Server). Supported versions thEPSS 0.2%CVE-2025-24887MEDIUMOpenCTI bypass of protected attribute updateEPSS 0.2%CVE-2024-38310MEDIUMImproper access control in some Intel(R) Graphics Driver software installers may allow an authenticated user to potentially enable escalatioEPSS 0.2%CVE-2026-21997HIGHVulnerability in the Oracle Life Sciences Empirica Signal product of Oracle Life Science Applications (component: Common Core). Supported vEPSS 0.2%CVE-2024-37386MEDIUMAn issue was discovered in Stormshield Network Security (SNS) 4.0.0 through 4.3.25, 4.4.0 through 4.7.5, and 4.8.0. Certain manipulations alEPSS 0.2%CVE-2026-55119HIGHA malicious actor with access to the network and low privileges could exploit an Improper Access Control vulnerability found in UniFi Talk AEPSS 0.2%CVE-2026-11078MEDIUMInappropriate implementation in FileSystem in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the rendereEPSS 0.2%CVE-2020-12488MEDIUMBroken Access Control Vulnerability in Jovi Smart SceneEPSS 0.2%CVE-2023-22293HIGHImproper access control in the Intel(R) Thunderbolt(TM) DCH drivers for Windows may allow an authenticated user to potentially enable escalaEPSS 0.2%CVE-2026-11197MEDIUMInsufficient policy enforcement in Workers in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the rendereEPSS 0.2%