Vulnerabilities of type CWE-285

1302 results
CVE-2026-49338 | HIGH | Subsonic API: any authenticated user can delete or read any other user's playlist (IDOR) | EPSS 0.2%
CVE-2023-28385 | HIGH | Improper authorization in the Intel(R) NUC Pro Software Suite for Windows before version 2.0.0.9 may allow a privileged user to potentially | EPSS 0.2%
CVE-2025-66290 | MEDIUM | OrangeHRM is Vulnerable to Improper Authorization Allowing Unauthorized Access to Candidate Attachments | EPSS 0.2%
CVE-2023-2782 | MEDIUM | Sensitive information disclosure due to improper authorization. The following products are affected: Acronis Cyber Infrastructure (ACI) befo | EPSS 0.2%
CVE-2025-53709 | MEDIUM | Access control issues impacting secure-upload service | EPSS 0.2%
CVE-2023-26466 | HIGH | A user with non-Admin access can change a configuration file on the client to modify the Server URL. | EPSS 0.2%
CVE-2022-36871 | MEDIUM | Pending Intent hijacking vulnerability in NotiCenterUtils in Samsung Pay prior to version 5.0.63 for KR and 5.1.47 for Global allows attacke | EPSS 0.2%
CVE-2023-25517 | HIGH | NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a guest OS may be able to control resources f | EPSS 0.2%
CVE-2022-36872 | MEDIUM | Pending Intent hijacking vulnerability in SpayNotification in Samsung Pay prior to version 5.0.63 for KR and 5.1.47 for Global allows attack | EPSS 0.2%
CVE-2026-32692 | HIGH | Unauthorized update of out-of-scope Vault secrets | EPSS 0.2%
CVE-2026-13508 | MEDIUM | khoj-ai khoj Conversation Sharing api_chat.py authorization | EPSS 0.2%
CVE-2022-4062 | HIGH | A CWE-285: Improper Authorization vulnerability exists that could cause unauthorized access to certain software functions when an attacker g | EPSS 0.2%
CVE-2026-55956 | MEDIUM | Apache Tomcat: Security constraints for default servlet ignored method | EPSS 0.2%
CVE-2025-2528 | LOW | Improper authorization in application password policy in Devolutions Remote Desktop Manager on Windows allows an authenticated user to use | EPSS 0.2%
CVE-2023-22636 | MEDIUM | An unauthorized configuration download vulnerability in FortiWeb 6.3.6 through 6.3.21, 6.4.0 through 6.4.2 and 7.0.0 through 7.0.4 may allow | EPSS 0.2%
CVE-2023-35022 | LOW | IBM InfoSphere Information Server improper authentication | EPSS 0.2%
CVE-2025-6639 | MEDIUM | Tutor LMS Pro – eLearning and online course solution <= 3.8.3 - Authenticated (Subscriber+) Insecure Direct Object Reference to View/Edit Other Assignments | EPSS 0.2%
CVE-2026-32619 | MEDIUM | Discourse: Insufficient topic visibility check allows unauthorized poll manipulation in private categories | EPSS 0.2%
CVE-2025-22175 | MEDIUM | Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sen | EPSS 0.2%
CVE-2025-22169 | MEDIUM | Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sen | EPSS 0.2%