Fallos del tipo CWE-285
1295 resultadosCVE-2024-5053MEDIUMContact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.18 - Missing Authorization to Authenticated (Subscriber+) Mailchimp Integration ModificationEPSS 0.4%CVE-2025-13806MEDIUMnutzam NutzBoot Transaction API EthModule.java improper authorizationEPSS 0.4%CVE-2023-39400CRITICALParameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be reaEPSS 0.4%CVE-2023-39402CRITICALParameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be reaEPSS 0.4%CVE-2021-4335MEDIUMFancy Product Designer <= 4.6.9 - Insufficient Authorization on Mulitple AJAX ActionsEPSS 0.4%CVE-2025-25196MEDIUMOpenFGA Authorization BypassEPSS 0.4%CVE-2026-40259HIGHSiYuan: Publish Reader Can Arbitrarily Delete Attribute View Files via removeUnusedAttributeView APIEPSS 0.4%CVE-2024-22021MEDIUMVulnerability CVE-2024-22021 allows a Veeam Recovery Orchestrator user with a low privileged role (Plan Author) to retrieve plans from a ScoEPSS 0.4%CVE-2026-28685MEDIUMKimai: API invoice endpoint missing customer-level access control (IDOR)EPSS 0.4%CVE-2022-40536HIGHImproper authentication in ModemEPSS 0.4%CVE-2023-32678MEDIUMZulip vulnerable to insufficient authorization check for edition/deletion of messages and topics in private streams by former subscribersEPSS 0.4%CVE-2026-33680HIGHVikunja Vulnerable to Link Share Hash Disclosure via ReadAll Endpoint Enables Permission EscalationEPSS 0.4%CVE-2025-10318MEDIUMJeecgBoot WebSocket Message sendWebSocketMsg improper authorizationEPSS 0.4%CVE-2022-31669MEDIUMHarbor fails to validate the user permissions when updating tag immutability policiesEPSS 0.4%CVE-2026-28839MEDIUMThe issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app mayEPSS 0.4%CVE-2025-32972LOWThe lesscss script service allows cache clearing without programming rightEPSS 0.4%CVE-2016-7035HIGHAn authorization flaw was found in Pacemaker before 1.1.16, where it did not properly guard its IPC interface. An attacker with an unprivileEPSS 0.4%CVE-2025-8840MEDIUMjshERP Endpoint deleteBatch improper authorizationEPSS 0.4%CVE-2023-28325MEDIUMAn improper authorization vulnerability exists in Rocket.Chat <6.0 that could allow a hacker to manipulate the rid parameter and change the EPSS 0.4%CVE-2026-1112MEDIUMSanluan PublicCMS Trade Address Deletion Endpoint TradeAddressController.java delete improper authorizationEPSS 0.4%