Fallos del tipo CWE-266

947 resultados
CVE-2025-9937MEDIUMelunez eladmin LocalStorageController deleteFile improper authorizationEPSS 0.3%CVE-2025-10992MEDIUMroncoo roncoo-pay lookupList improper authorizationEPSS 0.3%CVE-2019-19349An insecure modification vulnerability in the /etc/passwd file was found in the container operator-framework/operator-metering as shipped inEPSS 0.3%CVE-2025-39459HIGHWordPress Real Estate 7 theme <= 3.5.2 - Privilege Escalation vulnerabilityEPSS 0.3%CVE-2025-67953HIGHWordPress Booking Activities plugin <= 1.16.44 - Privilege Escalation vulnerabilityEPSS 0.3%CVE-2025-10384MEDIUMyangzongzhuan RuoYi Role cancelAll improper authorizationEPSS 0.3%CVE-2025-8756MEDIUMTDuckCloud tduck-platform manage preHandle improper authorizationEPSS 0.3%CVE-2025-10390MEDIUMCRMEB UserAddressServices.php editAddress improper authorizationEPSS 0.3%CVE-2026-12770MEDIUMBerriAI litellm Admin Key key_management_endpoints.py improper authorizationEPSS 0.3%CVE-2026-3761MEDIUMSourceCodester Client Database Management System Endpoint superadmin_user_delete.php improper authorizationEPSS 0.3%CVE-2023-39173MEDIUMIn JetBrains TeamCity before 2023.05.2 a token with limited permissions could be used to gain full account accessEPSS 0.3%CVE-2025-10819MEDIUMfuyang_lipengjun platform queryAll UserCouponController improper authorizationEPSS 0.3%CVE-2024-48941CRITICALThe Syracom Secure Login (2FA) plugin for Jira, Confluence, and Bitbucket through 3.1.4.5 allows remote attackers to bypass 2FA by interactiEPSS 0.3%CVE-2025-10820MEDIUMfuyang_lipengjun platform queryAll TopicController improper authorizationEPSS 0.3%CVE-2026-6201MEDIUMCodeAstro Online Job Portal Delete Job Posting job-delete.php access controlEPSS 0.3%CVE-2025-15126LOWJeecgBoot getPositionUserList improper authorizationEPSS 0.3%CVE-2025-7576MEDIUMTeledyne FLIR FB-Series O/FLIR FH-Series ID Production Tools production.html access controlEPSS 0.3%CVE-2026-6564MEDIUMEMQ EMQX Enterprise Session Handling improper authorizationEPSS 0.3%CVE-2026-22916MEDIUMAn attacker with low privileges may be able to trigger critical system functions such as reboot or factory reset without proper restrictionsEPSS 0.3%CVE-2025-53428HIGHWordPress Simple User Registration plugin <= 6.8 - Privilege Escalation vulnerabilityEPSS 0.3%