Vulnerabilities of type CWE-266
939 results

CVE | Severity | Description | EPSS
CVE-2025-33179 | HIGH | NVIDIA Cumulus Linux and NVOS products contain a vulnerability in the NVUE interface, where a low-privileged user could run an unauthorized | 0.5%
CVE-2026-3817 | MEDIUM | SourceCodester Patients Waiting Area Queue Management System patient-search.php improper authorization | 0.5%
CVE-2021-36097 | LOW | Agents are able to lock the ticket without the "Owner" permission | 0.5%
CVE-2024-8420 | CRITICAL | DHVC Form <= 2.4.7 - Unauthenticated Privilege Escalation | 0.5%
CVE-2025-3664 | MEDIUM | TOTOLINK A3700R cstecgi.cgi setWiFiEasyGuestCfg access control | 0.5%
CVE-2025-3665 | MEDIUM | TOTOLINK A3700R cstecgi.cgi setSmartQosCfg access control | 0.5%
CVE-2025-11646 | MEDIUM | Tomofun Furbo 360/Furbo Mini GATT Service access control | 0.5%
CVE-2025-4118 | MEDIUM | Weitong Mall Product History historyList access control | 0.5%
CVE-2025-2334 | MEDIUM | 274056675 springboot-openai-chatgpt Chat History chat deleteChat access control | 0.5%
CVE-2025-1815 | MEDIUM | pbrong hrms resource.go HrmsDB improper authorization | 0.5%
CVE-2026-20804 | HIGH | Windows Hello Tampering Vulnerability | 0.5%
CVE-2025-5409 | MEDIUM | Mist Community Edition API Token views.py create_token access control | 0.5%
CVE-2025-3666 | MEDIUM | TOTOLINK A3700R cstecgi.cgi setDdnsCfg access control | 0.5%
CVE-2026-3762 | MEDIUM | SourceCodester Client Database Management System Endpoint superadmin_delete_manager.php improper authorization | 0.5%
CVE-2025-3667 | MEDIUM | TOTOLINK A3700R cstecgi.cgi setUPnPCfg access control | 0.5%
CVE-2024-56000 | CRITICAL | WordPress K Elements plugin < 5.4.0 - Unauthenticated Account Takeover vulnerability | 0.5%
CVE-2025-2688 | MEDIUM | TOTOLINK A3000RU Syslog Configuration File ExportSyslog.sh access control | 0.5%
CVE-2025-31560 | HIGH | WordPress Salon booking system plugin < 10.15 - Privilege Escalation vulnerability | 0.5%
CVE-2025-3674 | MEDIUM | TOTOLINK A3700R cstecgi.cgi setUrlFilterRules access control | 0.5%
CVE-2025-6527 | LOW | 70mai M300 Web Server access control | 0.5%