Vulnerabilities of type CWE-285
1301 results

CVE-2026-4549 | LOW | mickasmt next-saas-stripe-starter Stripe API open-customer-portal.ts openCustomerPortal authorization | EPSS 0.3%
CVE-2026-2105 | MEDIUM | yeqifu warehouse Department Management DeptController.java deleteDept improper authorization | EPSS 0.3%
CVE-2026-10269 | MEDIUM | decolua 9router HTTP Header dashboardGuard.js isAuthenticated improper authorization | EPSS 0.3%
CVE-2026-46668 | LOW | SpiceDB: Caveat structures with nested lists can result in improper cache reuse | EPSS 0.3%
CVE-2026-4171 | MEDIUM | CodeGenieApp serverless-express API Endpoint TodoList.ts authorization | EPSS 0.3%
CVE-2024-47165 | MEDIUM | CORS origin validation accepts the null origin in Gradio | EPSS 0.3%
CVE-2025-8790 | MEDIUM | Portabilis i-Educar API Endpoint pessoa improper authorization | EPSS 0.3%
CVE-2026-5529 | MEDIUM | Dromara lamp-cloud DefUserController pageUser improper authorization | EPSS 0.3%
CVE-2024-21987 | MEDIUM | Improper Authorization Vulnerability in SnapCenter | EPSS 0.3%
CVE-2026-9484 | MEDIUM | SourceCodester Student Grades Management System classroom.php removeStudentFromClassroom improper authorization | EPSS 0.3%
CVE-2026-1597 | MEDIUM | Bdtask SalesERP Administrative Endpoint improper authorization | EPSS 0.3%
CVE-2026-2676 | MEDIUM | GoogTech sms-ssm API LoginInterceptor.java preHandle improper authorization | EPSS 0.3%
CVE-2026-7713 | MEDIUM | crocodilestick Calibre-Web-Automated Kobo auth-token Route kobo_auth.py generate_auth_token improper authorization | EPSS 0.3%
CVE-2026-11521 | MEDIUM | Mohammed-eid35 bank-management-system-springboot Transaction Endpoint TransactionController.java improper authorization | EPSS 0.3%
CVE-2025-12777 | MEDIUM | YITH WooCommerce Wishlist <= 4.10.0 - Unauthenticated Wishlist Token Disclosure to Wishlist Item Deletion | EPSS 0.3%
CVE-2026-34056 | HIGH | OpenEMR has a Privilege Escalation that Allows a Low-Level User to View Admin-Only Data | EPSS 0.3%
CVE-2025-15125 | LOW | JeecgBoot queryDepartPermission improper authorization | EPSS 0.3%
CVE-2026-6571 | MEDIUM | kodcloud KodExplorer systemRole.class.php roleGroupAction authorization | EPSS 0.3%
CVE-2025-15122 | LOW | JeecgBoot datarule loadDatarule improper authorization | EPSS 0.3%
CVE-2024-44314 | MEDIUM | TastyIgniter 3.7.6 contains an Incorrect Access Control vulnerability in the Orders Management System, allowing unauthorized users to update | EPSS 0.3%