Flaws of type CWE-266

950 results
CVE-2026-2105 | MEDIUM | yeqifu warehouse Department Management DeptController.java deleteDept improper authorization | EPSS 0.3%
CVE-2025-14660 | MEDIUM | DecoCMS Mesh Workspace Domain api.ts createTool access control | EPSS 0.3%
CVE-2026-1896 | MEDIUM | WeKan Migration Operation comprehensiveBoardMigration.js ComprehensiveBoardMigration MigrationBleed access control | EPSS 0.3%
CVE-2022-42825 | MEDIUM | This issue was addressed by removing additional entitlements. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and | EPSS 0.3%
CVE-2020-1704 | HIGH | An insecure modification vulnerability in the /etc/passwd file was found in all versions of OpenShift ServiceMesh (maistra) before 1.0.8 in | EPSS 0.3%
CVE-2025-53209 | CRITICAL | WordPress Masteriyo LMS PRO plugin <= 2.20.0 - Privilege Escalation Vulnerability | EPSS 0.3%
CVE-2025-8790 | MEDIUM | Portabilis i-Educar API Endpoint pessoa improper authorization | EPSS 0.3%
CVE-2026-5529 | MEDIUM | Dromara lamp-cloud DefUserController pageUser improper authorization | EPSS 0.3%
CVE-2025-7552 | MEDIUM | Dromara Northstar Path AuthorizationInterceptor.java preHandle access control | EPSS 0.3%
CVE-2019-19345 | HIGH | A vulnerability was found in all openshift/mediawiki-apb 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the | EPSS 0.3%
CVE-2026-11521 | MEDIUM | Mohammed-eid35 bank-management-system-springboot Transaction Endpoint TransactionController.java improper authorization | EPSS 0.3%
CVE-2026-1597 | MEDIUM | Bdtask SalesERP Administrative Endpoint improper authorization | EPSS 0.3%
CVE-2026-9484 | MEDIUM | SourceCodester Student Grades Management System classroom.php removeStudentFromClassroom improper authorization | EPSS 0.3%
CVE-2026-2676 | MEDIUM | GoogTech sms-ssm API LoginInterceptor.java preHandle improper authorization | EPSS 0.3%
CVE-2026-7713 | MEDIUM | crocodilestick Calibre-Web-Automated Kobo auth-token Route kobo_auth.py generate_auth_token improper authorization | EPSS 0.3%
CVE-2023-29066 | LOW | Incorrect User Management | EPSS 0.3%
CVE-2025-15122 | LOW | JeecgBoot datarule loadDatarule improper authorization | EPSS 0.3%
CVE-2026-3668 | LOW | Freedom Factory dGEN1 org.ethosmobile.webpwaemul AndroidEthereum access control | EPSS 0.3%
CVE-2025-48741 | MEDIUM | A Broken Access Control vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, and 5.4.0 before 5.4.10 allows remote, | EPSS 0.3%
CVE-2025-15123 | LOW | JeecgBoot datarule improper authorization | EPSS 0.3%