Vulnerabilities of type CWE-285
1302 results

CVE-2023-22636 | MEDIUM | An unauthorized configuration download vulnerability in FortiWeb 6.3.6 through 6.3.21, 6.4.0 through 6.4.2 and 7.0.0 through 7.0.4 may allow | EPSS 0.2%
CVE-2023-35022 | LOW | IBM InfoSphere Information Server improper authentication | EPSS 0.2%
CVE-2025-6639 | MEDIUM | Tutor LMS Pro – eLearning and online course solution <= 3.8.3 - Authenticated (Subscriber+) Insecure Direct Object Reference to View/Edit Other Assignments | EPSS 0.2%
CVE-2025-22175 | MEDIUM | Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sen | EPSS 0.2%
CVE-2025-22169 | MEDIUM | Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sen | EPSS 0.2%
CVE-2026-32619 | MEDIUM | Discourse: Insufficient topic visibility check allows unauthorized poll manipulation in private categories | EPSS 0.2%
CVE-2025-22239 | HIGH | CVE-2025-22239 salt advisory | EPSS 0.2%
CVE-2025-9988 | MEDIUM | Broadstreet <= 1.53.1 - Missing Authorization to Authenticated (Subscriber+) Advertiser Creation | EPSS 0.2%
CVE-2025-65963 | MEDIUM | CFiles Unauthorized Folder/ZIP Access in Public Spaces | EPSS 0.2%
CVE-2022-41610 | MEDIUM | Improper authorization in Intel(R) EMA Configuration Tool before version 1.0.4 and Intel(R) MC before version 2.4 software may allow an auth | EPSS 0.2%
CVE-2022-45128 | MEDIUM | Improper authorization in the Intel(R) EMA software before version 1.9.0.0 may allow an authenticated user to potentially enable denial of s | EPSS 0.2%
CVE-2023-21429 | MEDIUM | Improper usage of implicit intent in ePDG prior to SMR JAN-2023 Release 1 allows attacker to access SSID. | EPSS 0.2%
CVE-2022-43465 | MEDIUM | Improper authorization in the Intel(R) SCS software all versions may allow an authenticated user to potentially enable denial of service via | EPSS 0.2%
CVE-2023-21432 | MEDIUM | Improper access control vulnerabilities in Smart Things prior to 1.7.93 allows attacker to invite others without authorization of the own | EPSS 0.2%
CVE-2026-48810 | MEDIUM | FreeScout: Thread Edit Authorization Bypass via Missing Mailbox Check | EPSS 0.2%
CVE-2026-20661 | MEDIUM | An authorization issue was addressed with improved state management. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadO | EPSS 0.2%
CVE-2026-32615 | MEDIUM | Discourse: Category group moderators can perform actions on topics in restricted categories without read access | EPSS 0.2%
CVE-2026-45147 | MEDIUM | SiYuan: Broken access control in SiYuan `/api/tag/getTag` — Reader role can mutate `Conf.Tag.Sort` and persist to disk | EPSS 0.2%
CVE-2026-3237 | LOW | In affected versions of Octopus Server it was possible for a low privileged user to manipulate an API request to change the signing key expi | EPSS 0.2%
CVE-2023-21424 | MEDIUM | Improper Handling of Insufficient Permissions or Privileges vulnerability in SemChameleonHelper prior to SMR Jan-2023 Release 1 allows attac | EPSS 0.2%