Flaws of type CWE-285

1294 results
CVE-2023-5675 [MEDIUM]: Quarkus: authorization flaw in quarkus resteasy reactive and classic when "quarkus.security.jaxrs.deny-unannotated-endpoints" or "quarkus.security.jaxrs.default-roles-allowed" properties are used. (EPSS 0.5%)
CVE-2026-6449 [MEDIUM]: Booking for Appointments and Events Calendar – Amelia <= 2.1.2 - Unauthenticated Authorization Bypass via Remote Approval Endpoint (EPSS 0.5%)
CVE-2024-20441 [MEDIUM]: Cisco Nexus Dashboard Fabric Controller Unauthorized API Endpoint Vulnerability (EPSS 0.5%)
CVE-2021-25354 [LOW]: Improper input check in Samsung Internet prior to version 13.2.1.46 allows attackers to launch non-exported activity in Samsung Browser via (EPSS 0.5%)
CVE-2022-2675: Unitree Go 1 "Robot Dog" Unauthenticated Remote Power Down (EPSS 0.5%)
CVE-2024-39404 [MEDIUM]: A user without Shop Policy Parameters section privilege can alter the shop policy parameters section (EPSS 0.5%)
CVE-2026-7681 [MEDIUM]: jsbroks COCO Annotator Dataset API datasets.py authorization (EPSS 0.5%)
CVE-2026-3265 [MEDIUM]: go2ismail Free-CRM Security API improper authorization (EPSS 0.5%)
CVE-2025-21611 [HIGH]: tgstation-server's role authorization incorrectly OR'd with user's enabled status (EPSS 0.5%)
CVE-2026-9397 [CRITICAL]: Besen BS20 EV Charging Station OTA Update Installation improper authorization (EPSS 0.5%)
CVE-2026-45503 [HIGH]: Microsoft Exchange Server Information Disclosure Vulnerability (EPSS 0.5%)
CVE-2026-33668 [HIGH]: Vikunja Allows Disabled/Locked User Accounts to Authenticate via API Tokens, CalDAV, and OpenID Connect (EPSS 0.5%)
CVE-2025-3202 [MEDIUM]: ageerle ruoyi-ai SysNoticeController.java improper authorization (EPSS 0.5%)
CVE-2022-3187 [MEDIUM]: Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where certain PHP pages only validate when a valid connection (EPSS 0.5%)
CVE-2024-23576 [HIGH]: HCL Commerce is potentially affected by a denial of service and information disclosure vulnerability (EPSS 0.5%)
CVE-2023-50871 [MEDIUM]: In JetBrains YouTrack before 2023.3.22268 authorization check for inline comments inside thread replies was missed (EPSS 0.4%)
CVE-2023-29152 [MEDIUM]: PTC Vuforia Studio Improper Authorization (EPSS 0.4%)
CVE-2018-14662 [LOW]: It was found Ceph versions before 13.2.4 that authenticated ceph users with read only permissions could steal dm-crypt encryption keys used (EPSS 0.4%)
CVE-2026-5412 [CRITICAL]: Juju CloudSpec API could leak sensitive information (EPSS 0.4%)
CVE-2026-28448 [MEDIUM]: OpenClaw 2026.1.29 < 2026.2.1 - Authorization Bypass in Twitch Plugin allowFrom Access Control (EPSS 0.4%)