Falhas do tipo CWE-284
4.460 resultadosCVE-2025-65798MEDIUMIncorrect access control in usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily modify or delete attachments maEPSS 0.2%CVE-2021-22126MEDIUMA use of hard-coded password vulnerability in FortiWLC version 8.5.2 and below, version 8.4.8 and below, version 8.3.3 to 8.3.2, version 8.2EPSS 0.2%CVE-2023-32285MEDIUMImproper access control in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable denial of service via local accEPSS 0.2%CVE-2026-48936LOWA flaw in Node.js Permission API can cause a local server to be started (via a Unix domain socket), even without the `--allow-net` permissioEPSS 0.2%CVE-2022-3182—Improper Access Control vulnerability in the Duo SMS two-factor of Devolutions Remote Desktop Manager 2022.2.14 and earlier allows attackersEPSS 0.2%CVE-2026-48900MEDIUMJoomla! Core - [20260516] - Incorrect Access Control in com_schedulerEPSS 0.2%CVE-2025-43328LOWA permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26. An app may be able to access sensitivEPSS 0.2%CVE-2024-47976MEDIUMImproper access removal handling in firmware of some Solidigm DC Products may allow an attacker with physical access to gain unauthorized acEPSS 0.2%CVE-2026-35533HIGHmise has a local settings bypass config trust checksEPSS 0.2%CVE-2023-43072MEDIUM
Dell SmartFabric Storage Software v1.4 (and earlier) contains an improper access control vulnerability in the CLI. A local possibly unautheEPSS 0.2%CVE-2022-45112HIGHImproper access control in some Intel(R) VROC software before version 8.0.0.4035 may allow an authenticated user to potentially enable escalEPSS 0.2%CVE-2026-39346MEDIUMOrangeHRM has Improper Access Control Allowing Access to Disabled Modules via URL EncodingEPSS 0.2%CVE-2024-29077MEDIUMImproper access control in some JAM STAPL Player software before version 2.6.1 may allow an authenticated user to potentially enable escalatEPSS 0.2%CVE-2024-34022MEDIUMImproper Access Control in some Thunderbolt(TM) Share software before version 1.0.49.9 may allow an authenticated user to potentially enableEPSS 0.2%CVE-2023-34470MEDIUMImproper access control EPSS 0.2%CVE-2026-12460MEDIUMInsufficient policy enforcement in File System Access in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromisedEPSS 0.2%CVE-2024-28170LOWImproper access control in Intel(R) RAID Web Console all versions may allow an authenticated user to potentially enable information disclosuEPSS 0.2%CVE-2023-27301MEDIUMImproper access control in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentEPSS 0.2%CVE-2026-46848HIGHVulnerability in the WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 14.EPSS 0.2%CVE-2026-40713MEDIUMDell ThinOS 10, versions prior to ThinOS10 2602_10.0765, contain an Improper Access control vulnerability. An unauthenticated attacker with EPSS 0.2%