Flaws of type CWE-285

1293 results
CVE-2026-45187 | MEDIUM | Apache OFBiz: Improper Authorization in Scheduled Job Creation Allows Low-Privileged Users to Submit System Jobs | EPSS 0.5%
CVE-2022-31671 | HIGH | Harbor fails to validate the user permissions when reading and updating job execution logs through the P2P preheat execution logs | EPSS 0.5%
CVE-2023-2345 | MEDIUM | SourceCodester Service Provider Management System improper authorization | EPSS 0.5%
CVE-2023-36826 | HIGH | Sentry vulnerable to improper authorization on debug and artifact file downloads | EPSS 0.5%
CVE-2017-16726 | Beckhoff TwinCAT supports communication over ADS. ADS is a protocol for industrial automation in protected environments. ADS has not been de | EPSS 0.5%
CVE-2023-0584 | MEDIUM | VK Blocks <= 1.57.0.5 - Authenticated(Contributor+) Settings Update | EPSS 0.5%
CVE-2026-3817 | MEDIUM | SourceCodester Patients Waiting Area Queue Management System patient-search.php improper authorization | EPSS 0.5%
CVE-2024-6000 | HIGH | FooEvents for WooCommerce <= 1.19.20 - Improper Authorization to (Contributor+) Arbitrary File Upload | EPSS 0.5%
CVE-2024-23649 | HIGH | Any authenticated user may obtain private message details from other users on the same instance | EPSS 0.5%
CVE-2024-28285 | CRITICAL | A Fault Injection vulnerability in the SymmetricDecrypt function in cryptopp/elgamal.h of Cryptopp Crypto++ 8.9, allows an attacker to co-re | EPSS 0.5%
CVE-2024-0870 | MEDIUM | YITH WooCommerce Gift Cards <= 4.12.0 - Missing Authorization to Unauthenticated WooCommerce Settings Update | EPSS 0.5%
CVE-2025-1815 | MEDIUM | pbrong hrms resource.go HrmsDB improper authorization | EPSS 0.5%
CVE-2022-0027 | MEDIUM | Cortex XSOAR: Incorrect Authorization Vulnerability When Generating Reports | EPSS 0.5%
CVE-2025-53106 | HIGH | Graylog vulnerable to privilege escalation through API tokens | EPSS 0.5%
CVE-2022-31667 | MEDIUM | Harbor fails to validate the user permissions when updating a robot account | EPSS 0.5%
CVE-2022-39862 | MEDIUM | Improper authorization in Dynamic Lockscreen prior to SMR Sep-2022 Release 1 in Android R(11) and 3.3.03.66 in Android S(12) allows unauthor | EPSS 0.5%
CVE-2019-3820 | MEDIUM | It was discovered that the gnome-shell lock screen since version 3.15.91 did not properly restrict all contextual actions. An attacker with | EPSS 0.5%
CVE-2023-0734 | HIGH | Improper Authorization in wallabag/wallabag | EPSS 0.5%
CVE-2023-34091 | MEDIUM | Kyverno resource with a deletionTimestamp may allow policy circumvention | EPSS 0.5%
CVE-2026-24305 | CRITICAL | Azure Entra ID Elevation of Privilege Vulnerability | EPSS 0.5%