Flaws of type CWE-285

1301 results
CVE-2021-25353 | MEDIUM | Using empty PendingIntent in Galaxy Themes prior to version 5.2.00.1215 allows local attackers to read/write private file directories of Gal | EPSS 0.2%
CVE-2021-25373 | MEDIUM | Using unsafe PendingIntent in Customization Service prior to version 2.2.02.1 in Android O(8.x), 2.4.03.0 in Android P(9.0), 2.7.02.1 in And | EPSS 0.2%
CVE-2025-65020 | MEDIUM | Rallly Has Unauthorized Poll Duplication via Insecure Direct Object Reference (IDOR) | EPSS 0.2%
CVE-2021-25355 | MEDIUM | Using unsafe PendingIntent in Samsung Notes prior to version 4.2.00.22 allows local attackers unauthorized action without permission via hij | EPSS 0.2%
CVE-2024-0077 | HIGH | CVE | EPSS 0.2%
CVE-2025-67259 | MEDIUM | A Broken Access Control vulnerability exists in ClassroomIO v0.1.13 where an authenticated low-privileged "student" user can access unauthor | EPSS 0.2%
CVE-2026-7782 | MEDIUM | CodeCanyon Perfex CRM Tenant Clients.php project authorization | EPSS 0.2%
CVE-2025-43231 | MEDIUM | A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.8. An app may be able to access user-sensitive data | EPSS 0.2%
CVE-2026-10212 | MEDIUM | AstrBotDevs AstrBot astr_main_agent.py astr_main_agent authorization | EPSS 0.2%
CVE-2021-25521 | MEDIUM | Insecure caller check in sharevia deeplink logic prior to Samsung Internet 16.0.2 allows untrusted applications to get current tab URL in S | EPSS 0.2%
CVE-2025-6431 | MEDIUM | The prompt in Firefox for Android that asks before opening a link in an external application could be bypassed | EPSS 0.2%
CVE-2025-12958 | LOW | Rankology SEO and Analytics Tool <= 2.0 - Incorrect Authorization to Authenticated (Editor+) Header & Footer Code Creation | EPSS 0.2%
CVE-2025-13114 | MEDIUM | macrozheng mall-swarm attr updateAttr improper authorization | EPSS 0.2%
CVE-2025-12494 | MEDIUM | Image Gallery – Photo Grid & Video Gallery <= 2.12.28 - Improper Authorization to Authenticated (Author+) Arbitrary Image File Move | EPSS 0.2%
CVE-2022-31609 | HIGH | NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it allows the guest VM to allocate resources f | EPSS 0.2%
CVE-2026-7602 | MEDIUM | JeecgBoot FillRuleUtil edit improper authorization | EPSS 0.2%
CVE-2026-5999 | MEDIUM | JeecgBoot SysAnnouncementController improper authorization | EPSS 0.2%
CVE-2026-11476 | MEDIUM | Kushan2k student-management-system Profile Update Endpoint AdminController.php edit-admin improper authorization | EPSS 0.2%
CVE-2026-11619 | MEDIUM | Dolibarr ERP CRM Legacy Filemanager config.inc.php improper authorization | EPSS 0.2%
CVE-2021-25499 | HIGH | Intent redirection vulnerability in SamsungAccountSDKSigninActivity of Galaxy Store prior to version 4.5.32.4 allows attacker to access cont | EPSS 0.2%