Flaws of type CWE-285
1301 results

CVE-2025-13118 | MEDIUM | macrozheng mall-swarm paySuccess improper authorization | EPSS 0.2%
CVE-2026-45297 | MEDIUM | Cross-tenant IDOR on feature-flag and assist-stats routes via {project_id} case mismatch | EPSS 0.2%
CVE-2023-40430 | MEDIUM | A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. An app may be able to access removable volumes wit | EPSS 0.2%
CVE-2026-45371 | HIGH | SiYuan: SiYuan publish-mode Reader can mutate Conf and SQL index via 8 ungated APIs | EPSS 0.2%
CVE-2020-36841 | MEDIUM | WooCommerce Smart Coupons <= 4.6.0 - Unauthenticated Coupon Creation | EPSS 0.2%
CVE-2018-9867 | — | In SonicWall SonicOS, administrators without full permissions can download imported certificates. Occurs when administrators who are not in | EPSS 0.2%
CVE-2025-13085 | MEDIUM | SiteSEO – SEO Simplified <= 1.3.2 - Insecure Direct Object Reference to Sensitive Post Meta Disclosure | EPSS 0.2%
CVE-2026-6609 | MEDIUM | liangliangyy DjangoBlog views.py form_valid improper authorization | EPSS 0.2%
CVE-2025-62401 | MEDIUM | Moodle: possible to bypass timer in timed assignments | EPSS 0.2%
CVE-2025-61781 | HIGH | GraphQL IDOR allows authenticated user to delete workspace content of other users | EPSS 0.2%
CVE-2024-42039 | MEDIUM | Access control vulnerability in the SystemUI module. Impact: Successful exploitation of this vulnerability may affect service confidentiality | EPSS 0.2%
CVE-2026-12213 | MEDIUM | hcengineering Huly Platform User Information operations.ts getAccountInfo improper authorization | EPSS 0.2%
CVE-2026-23623 | MEDIUM | Collabora Online vulnerable to Authorization Bypass | EPSS 0.2%
CVE-2026-8747 | MEDIUM | Z-BlogPHP Commend Approval c_system_event.php CheckComment improper authorization | EPSS 0.2%
CVE-2025-46732 | MEDIUM | OpenCTI's GraphQL IDOR enables authenticated users to modify or delete notifications of other users | EPSS 0.2%
CVE-2026-7091 | MEDIUM | code-projects Invoice System in Laravel User Management user improper authorization | EPSS 0.2%
CVE-2026-10211 | MEDIUM | AstrBotDevs AstrBot fs.py _normalize_rw_path authorization | EPSS 0.2%
CVE-2026-7093 | MEDIUM | code-projects Invoice System in Laravel Invoice Endpoint invoice improper authorization | EPSS 0.2%
CVE-2025-14088 | MEDIUM | ketr JEPaaS load improper authorization | EPSS 0.2%
CVE-2026-42202 | MEDIUM | nova-toggle-5: Improper authorization on toggle endpoint allowed non-Nova users to modify boolean fields | EPSS 0.2%