Flaws of type CWE-285
1296 results

CVE-2025-10819 | MEDIUM | fuyang_lipengjun platform queryAll UserCouponController improper authorization | EPSS 0.3%
CVE-2026-46605 | MEDIUM | Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Incomplete authorization during destination removal | EPSS 0.3%
CVE-2025-65021 | CRITICAL | Rallly Has Unauthorized Poll Finalization via Insecure Direct Object Reference (IDOR) | EPSS 0.3%
CVE-2023-28055 | HIGH | Dell NetWorker, Version 19.7 has an improper authorization vulnerability in the NetWorker client. An unauthenticated attacker within the sa | EPSS 0.3%
CVE-2025-24376 | MEDIUM | The kubewarden-controller AdmissionPolicy and AdmissionPolicyGroup policies can be used to alter PolicyReport resources | EPSS 0.3%
CVE-2025-15126 | LOW | JeecgBoot getPositionUserList improper authorization | EPSS 0.3%
CVE-2024-9531 | MEDIUM | MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution <= 4.2.4 - Missing Authorization to Forged Vendor Profile Deletion Email Sending | EPSS 0.3%
CVE-2026-6564 | MEDIUM | EMQ EMQX Enterprise Session Handling improper authorization | EPSS 0.3%
CVE-2024-56335 | HIGH | Privilege escalation allows organization groups to be updated/deleted if their UUID is known in vaultwarden | EPSS 0.3%
CVE-2024-11768 | MEDIUM | Download manager <= 3.3.03 - Improper Authorization to Unauthenticated Download of Password-Protected Files | EPSS 0.3%
CVE-2025-54585 | HIGH | GitProxy is vulnerable to a new branch approval exploit | EPSS 0.3%
CVE-2025-64063 | CRITICAL | Primakon Pi Portal 1.0.18 API endpoints fail to enforce sufficient authorization checks when processing requests. Specifically, a standard u | EPSS 0.3%
CVE-2023-0665 | MEDIUM | Vault PKI Issuer Endpoint Did Not Correctly Authorize Access to Issuer Metadata | EPSS 0.3%
CVE-2025-63691 | CRITICAL | In pig-mesh In Pig version 3.8.2 and below, within the Token Management function under the System Management module, the token query interfa | EPSS 0.3%
CVE-2025-10374 | MEDIUM | Shenzhen Sixun Business Management System OperatorStop improper authorization | EPSS 0.3%
CVE-2025-65094 | HIGH | WBCE CMS is Vulnerable to Privilege Escalation via Group ID Manipulation (IDOR) | EPSS 0.3%
CVE-2026-2733 | LOW | Org.keycloak/keycloak-services: keycloak: missing check on disabled client for docker registry protocol | EPSS 0.3%
CVE-2025-27399 | MEDIUM | Mastodon's domain blocks & rationales ignore user approval when visibility set as "users" | EPSS 0.3%
CVE-2025-60784 | MEDIUM | A vulnerability in the XiaozhangBang Voluntary Like System V8.8 allows remote attackers to manipulate the zhekou parameter in the /topfirst. | EPSS 0.3%
CVE-2023-32967 | MEDIUM | QTS, QuTScloud | EPSS 0.3%