Fallos del tipo CWE-266
960 resultadosCVE-2026-4548MEDIUMmickasmt next-saas-stripe-starter update-user-role.ts updateUserrole improper authorizationEPSS 0.2%CVE-2024-47904HIGHA vulnerability has been identified in InterMesh 7177 Hybrid 2.0 Subscriber (All versions < V8.2.12), InterMesh 7707 Fire Subscriber (All veEPSS 0.2%CVE-2024-20320HIGHA vulnerability in the SSH client feature of Cisco IOS XR Software for Cisco 8000 Series Routers and Cisco Network Convergence System (NCS) EPSS 0.2%CVE-2025-23260MEDIUMNVIDIA AIStore contains a vulnerability in the AIS Operator where a user may gain elevated k8s cluster access by using the ServiceAccount atEPSS 0.2%CVE-2024-36534HIGHInsecure permissions in hwameistor v0.14.3 allows attackers to access sensitive data and escalate privileges by obtaining the service accounEPSS 0.2%CVE-2026-1411MEDIUMBeetel 777VR1 UART access controlEPSS 0.2%CVE-2026-22268MEDIUMDell PowerProtect Data Manager, version(s) prior to 19.22, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attaEPSS 0.2%CVE-2026-2209MEDIUMWeKan Custom Translation translationBody.js setCreateTranslation improper authorizationEPSS 0.2%CVE-2025-48695MEDIUMAn issue was discovered in CyberDAVA before 1.1.20. A privilege escalation vulnerability allows a low-privileged user to escalate their privEPSS 0.2%CVE-2023-40109HIGHIn createFromParcel of UsbConfiguration.java, there is a possible background activity launch (BAL) due to a permissions bypass. This could lEPSS 0.2%CVE-2024-46511HIGHLoadZilla LLC LoadLogic v1.4.3 was discovered to contain insecure permissions vulnerability which allows a remote attacker to execute arbitrEPSS 0.2%CVE-2025-2850MEDIUMGL.iNet GL-A1300 Slate Plus Download Interface improper authorizationEPSS 0.2%CVE-2024-13248MEDIUMPrivate content - Moderately critical - Access bypass - SA-CONTRIB-2024-012EPSS 0.2%CVE-2024-41139HIGHIncorrect privilege assignment vulnerability exists in SKYSEA Client View Ver.6.010.06 to Ver.19.210.04e. If a user who can log in to the PCEPSS 0.2%CVE-2025-65807HIGHAn issue in sd command v1.0.0 and before allows attackers to escalate privileges to root via a crafted command.EPSS 0.2%CVE-2025-61785LOWDeno's --deny-write check does not prevent permission bypassEPSS 0.2%CVE-2025-4228MEDIUMCortex XDR Broker VM: Privilege Escalation (PE) VulnerabilityEPSS 0.2%CVE-2025-26517MEDIUMCVE-2025-26517 Privilege Escalation Vulnerability in StorageGRID (formerly StorageGRID Webscale)EPSS 0.2%CVE-2024-20389HIGHA vulnerability in the ConfD CLI and the Cisco Crosswork Network Services Orchestrator CLI could allow an authenticated, low-privileged, loEPSS 0.2%CVE-2026-53847MEDIUMOpenClaw < 2026.5.6 - Privilege Escalation via Active Memory Write ScopeEPSS 0.2%