Fallos del tipo CWE-285
1291 resultadosCVE-2023-48252HIGHThe vulnerability allows an authenticated remote attacker to perform actions exceeding their authorized access via crafted HTTP requests.EPSS 0.6%CVE-2022-31168MEDIUMZulip Server insufficient authorization for changing bot rolesEPSS 0.6%CVE-2023-0822HIGHImproper AuthorizationEPSS 0.6%CVE-2024-36108CRITICALMultiple Broken Function-Level Authorization vulnerabilities in casgateEPSS 0.6%CVE-2019-14828—A vulnerability was found in Moodle affecting 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions, where users with thEPSS 0.6%CVE-2025-7778CRITICALIcons Factory <= 1.6.12 - Missing Authorization to Unauthenticated Arbitrary File Deletion via delete_files() FunctionEPSS 0.6%CVE-2025-8261MEDIUMVaelsys VaelsysV4 User Creation vgrid_server.php improper authorizationEPSS 0.6%CVE-2020-5231MEDIUMOpencast users with ROLE_COURSE_ADMIN can create new usersEPSS 0.6%CVE-2023-20182MEDIUMCisco DNA Center Software API VulnerabilitiesEPSS 0.6%CVE-2025-27509CRITICALSAML authentication vulnerability due to improper SAML response validationEPSS 0.6%CVE-2026-5246MEDIUMCesanta Mongoose P-384 Public Key mongoose.c mg_tls_verify_cert_signature authorizationEPSS 0.6%CVE-2021-42331MEDIUMShinHer Information Co., LTD. ShinHer StudyOnline System - Improper Authorization-2EPSS 0.6%CVE-2022-33712—Intent redirection vulnerability using implict intent in Camera prior to versions 12.0.01.64 ,12.0.3.23, 12.0.0.98, 12.0.6.11, 12.0.3.19 in EPSS 0.6%CVE-2021-27772HIGHHCL Sametime is vulnerable to an information disclosureEPSS 0.6%CVE-2017-9268MEDIUMopen-build-service retrigger / wipebinaries hitting the wrong project bypassing access permissionsEPSS 0.6%CVE-2024-2441HIGHVikBooking < 1.6.8 - Insecure Direct Object ReferencesEPSS 0.6%CVE-2019-25149HIGHGallery Images Ape <= 2.0.6 - Authenticated Plugin DeactivationEPSS 0.6%CVE-2025-21275HIGHWindows App Package Installer Elevation of Privilege VulnerabilityEPSS 0.6%CVE-2024-37282HIGHIt was identified that under certain specific preconditions, an API key that was originally created with a specific privileges could be subsEPSS 0.6%CVE-2025-5511MEDIUMquequnlong shiyi-blog photos improper authorizationEPSS 0.6%