Flaws of type CWE-281
210 results

CVE-2023-28668 | CRITICAL | EPSS 0.8% | Jenkins Role-based Authorization Strategy Plugin 587.v2872c41fa_e51 and earlier grants permissions even after they've been disabled.
CVE-2024-56973 | CRITICAL | EPSS 0.8% | Insecure Permissions vulnerability in Alvaria, Inc Unified IP Unified Director before v.7.2SP2 allows a remote attacker to execute arbitrary
CVE-2021-3523 | — | EPSS 0.8% | A flaw was found in 3Scale APICast in versions prior to 2.11.0, where it incorrectly identified connections for reuse. This flaw allows an a
CVE-2023-34672 | — | EPSS 0.8% | Improper Access Control leads to adding a high-privilege user affecting Elenos ETG150 FM transmitter running on version 3.12 by exploiting u
CVE-2024-1726 | MEDIUM | EPSS 0.7% | Quarkus: security checks for some inherited endpoints performed after serialization in resteasy reactive may trigger a denial of service
CVE-2023-48240 | CRITICAL | EPSS 0.7% | XWiki Platform sends cookies to external images in rendered diff and is vulnerable to server side request forgery
CVE-2022-38473 | HIGH | EPSS 0.7% | A cross-origin iframe referencing an XSLT document would inherit the parent domain's permissions (such as microphone or camera access). This
CVE-2024-41649 | CRITICAL | EPSS 0.7% | Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbit
CVE-2024-41644 | CRITICAL | EPSS 0.7% | Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbit
CVE-2024-41645 | CRITICAL | EPSS 0.7% | Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbit
CVE-2024-41646 | CRITICAL | EPSS 0.7% | Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbit
CVE-2023-32552 | — | EPSS 0.6% | An Improper access control vulnerability in Trend Micro Apex One and Apex One as a Service could allow an unauthenticated user under certain
CVE-2023-28161 | HIGH | EPSS 0.6% | If temporary "one-time" permissions, such as the ability to use the Camera, were granted to a document loaded using a file: URL, that permis
CVE-2019-14841 | HIGH | EPSS 0.6% | A flaw was found in the RHDM, where an authenticated attacker can change their assigned role in the response header. This flaw allows an att
CVE-2022-36102 | MEDIUM | EPSS 0.6% | Access control list bypassed via crafted specific URLs
CVE-2024-10458 | MEDIUM | EPSS 0.6% | A permission leak could have occurred from a trusted site to an untrusted site via `embed` or `object` elements. This vulnerability affects
CVE-2022-36062 | HIGH | EPSS 0.6% | Grafana folders admin only permission privilege escalation
CVE-2025-34298 | HIGH | EPSS 0.6% | Nagios Log Server < 2024R1.3.2 Set Email Privilege Escalation
CVE-2024-55507 | CRITICAL | EPSS 0.6% | An issue in CodeAstro Complaint Management System v.1.0 allows a remote attacker to escalate privileges via the delete_e.php component.
CVE-2024-22114 | MEDIUM | EPSS 0.6% | System Information Widget in Global View Dashboard exposes information about Hosts to Users without Permission