Fallos del tipo CWE-269
1783 resultadosCVE-2024-47853HIGHAn issue was discovered in Mahara 23.04.8 and 24.04.4. Attackers may utilize escalation of privileges in certain cases when logging into MahEPSS 0.3%CVE-2026-56225HIGHCapgo - Authorization Bypass in API Key Management via App-Limited KeysEPSS 0.3%CVE-2022-42796HIGHThis issue was addressed by removing the vulnerable code. This issue is fixed in iOS 15.7 and iPadOS 15.7, macOS Ventura 13. An app may be aEPSS 0.3%CVE-2022-24077—Naver Cloud Explorer Beta allows the attacker to execute arbitrary code as System privilege via malicious DLL injection.EPSS 0.3%CVE-2025-6080HIGHWPGYM <= 67.7.0 - Missing Authorization to Admin Account CreationEPSS 0.3%CVE-2023-46277—please (aka pleaser) through 0.5.4 allows privilege escalation through the TIOCSTI and/or TIOCLINUX ioctl. (If both TIOCSTI and TIOCLINUX arEPSS 0.3%CVE-2021-23880MEDIUMImproper Access Control in the ENS installerEPSS 0.3%CVE-2025-53025MEDIUMVulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.EPSS 0.3%CVE-2025-53026MEDIUMVulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.EPSS 0.3%CVE-2024-46989LOWMultiple caveats on resources of the same type can result in no permission when permission is expectedEPSS 0.3%CVE-2026-50566CRITICALFission: Environment Runtime.Container and Builder.Container SecurityContext bypass allows privileged pod creationEPSS 0.3%CVE-2026-35595HIGHVikunja Affected by Privilege Escalation via Project ReparentingEPSS 0.3%CVE-2021-23882HIGHImproper Access Control in the ENS installerEPSS 0.3%CVE-2025-25202MEDIUMAsh Authentication has flawed token revocation checking logic in actions generated by `mix ash_authentication.install`EPSS 0.3%CVE-2025-54996HIGHOpenBao Root Namespace Operator May Elevate Token PrivilegesEPSS 0.3%CVE-2022-34754MEDIUMA CWE-269: Improper Privilege Management vulnerability exists that could allow elevated functionality when guessing credentials. Affected PrEPSS 0.3%CVE-2024-52336HIGHTuned: `script_pre` and `script_post` options allow to pass arbitrary scripts executed by rootEPSS 0.3%CVE-2026-27803HIGHVaultwarden: Collection Management Operations Allowed Without `manage` Verification for Manager RoleEPSS 0.3%CVE-2025-11923HIGHLifterLMS – WP LMS for eLearning, Online Courses, & Quizzes - Various Versions - Authenticated (Student+) Privilege EscalationEPSS 0.3%CVE-2026-4314HIGHThe Ultimate WordPress Toolkit – WP Extended <= 3.2.4 - Authenticated (Subscriber+) Privilege Escalation via Menu Editor ModuleEPSS 0.3%