CWE-284 vulnerabilities

4,356 results
CVE-2023-3306 (HIGH): Ruijie RG-EW1200G Admin Password app.09df2a9e44ab48766f5f.js access control | EPSS 23.1%
CVE-2019-8456: Check Point IKEv2 IPsec VPN up to R80.30, in some less common conditions, may allow an attacker with knowledge of the internal configuration | EPSS 20.4%
CVE-2024-24496 (CRITICAL): An issue in Daily Habit Tracker v.1.0 allows a remote attacker to manipulate trackers via the home.php, add-tracker.php, delete-tracker.php, | EPSS 19.5%
CVE-2022-41654 (CRITICAL): An authentication bypass vulnerability exists in the newsletter subscription functionality of Ghost Foundation Ghost 5.9.4. A specially-craf | EPSS 18.9%
CVE-2020-36197 (HIGH): Improper Access Control Vulnerability in Music Station | EPSS 18.5%
CVE-2025-21293 (HIGH): Active Directory Domain Services Elevation of Privilege Vulnerability | EPSS 18.2%
CVE-2024-29990 (CRITICAL): Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability | EPSS 18.0%
CVE-2024-25852 (HIGH): Linksys RE7000 v2.0.9, v2.0.11, and v2.0.15 have a command execution vulnerability in the "AccessControlList" parameter of the access contro | EPSS 16.5%
CVE-2021-28809 (CRITICAL): Missing Authentication for Critical Function in RTRR Server in HBS3 | EPSS 15.8%
CVE-2021-38454 (CRITICAL): Moxa MXview Network Management Software | EPSS 15.8%
CVE-2023-0017 (CRITICAL): Improper access control in SAP NetWeaver AS for Java | EPSS 15.7%
CVE-2024-40766 (CRITICAL): An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized | EPSS 15.7% | KEV
CVE-2020-24433 (HIGH): Adobe Acrobat Reader DC Local Privilege Escalation via Installer Component | EPSS 15.2%
CVE-2025-30281 (CRITICAL): ColdFusion | Improper Access Control (CWE-284) | EPSS 13.9%
CVE-2015-4902 (MEDIUM): Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60 allows remote attackers to affect integrity via unknown vectors related to | EPSS 13.4% | KEV
CVE-2026-33478 (CRITICAL): AVideo Multi-Chain Attack: Unauthenticated Remote Code Execution via Clone Key Disclosure, Database Dump, and Command Injection | EPSS 13.3%
CVE-2018-5406: The Quest Kace K1000 Appliance misconfigures the Cross-Origin Resource Sharing (CORS) mechanism. | EPSS 12.2%
CVE-2022-27511: Corruption of the system by a remote, unauthenticated user potentially leading to the reset of the administrator password | EPSS 12.0%
CVE-2023-41772 (HIGH): Win32k Elevation of Privilege Vulnerability | EPSS 11.8%
CVE-2025-20229 (HIGH): Remote Code Execution through file upload to “$SPLUNK_HOME/var/run/splunk/apptemp“ directory in Splunk Enterprise | EPSS 11.8%