Flaws of type CWE-425

109 results
CVE-2026-10521 (HIGH, EPSS 0.3%): Authenticated unintended access to critical program parameters
CVE-2024-9945 (MEDIUM, EPSS 0.3%): Limited Information Disclosure in GoAnywhere MFT Prior to 7.7.0
CVE-2025-48205 (HIGH, EPSS 0.3%): The sr_feuser_register extension through 12.4.8 for TYPO3 allows Insecure Direct Object Reference.
CVE-2025-48207 (HIGH, EPSS 0.3%): The reint_downloadmanager extension through 5.0.0 for TYPO3 allows Insecure Direct Object Reference.
CVE-2025-48201 (HIGH, EPSS 0.3%): The ns_backup extension through 13.0.0 for TYPO3 has a Predictable Resource Location.
CVE-2023-22834 (LOW, EPSS 0.3%): The contour service was not checking that users had permission to create an analysis for a given dataset
CVE-2025-26381 (MEDIUM, EPSS 0.3%): OpenBlue Mobile Web Application configuration issue for optional for OpenBlue Workplace (formerly FM Systems)
CVE-2025-6195 (MEDIUM, EPSS 0.3%): Direct Request ('Forced Browsing') in GitLab
CVE-2025-14697 (MEDIUM, EPSS 0.3%): Shenzhen Sixun Software Sixun Shanghui Group Business Management System ExportFiles file access
CVE-2026-34056 (HIGH, EPSS 0.3%): OpenEMR has a Privilege Escalation that Allows a Low-Level User to View Admin-Only Data
CVE-2025-52920 (MEDIUM, EPSS 0.3%): Innoshop through 0.4.1 allows Insecure Direct Object Reference (IDOR) at multiple places within the frontend shop. Anyone can create a custo...
CVE-2025-59797 (MEDIUM, EPSS 0.3%): Profession Fit 5.0.99 Build 44910 allows authorization bypass via a direct request for /api/challenges/{id} and also URLs for eversports, th...
CVE-2025-55736 (CRITICAL, EPSS 0.2%): flaskBlog allows arbitrary privilege escalation
CVE-2025-48202 (MEDIUM, EPSS 0.2%): The femanager extension through 8.2.1 for TYPO3 allows Insecure Direct Object Reference.
CVE-2026-7500 (MEDIUM, EPSS 0.2%): Org.keycloak.keycloak-services: improper access control on keycloak server when the account account api feature is disabled
CVE-2025-10287 (LOW, EPSS 0.2%): roncoo roncoo-pay orderQuery direct request
CVE-2026-34051 (MEDIUM, EPSS 0.2%): OpenEMR has Improper ACL On Import/Export Popup
CVE-2026-8205 (MEDIUM, EPSS 0.2%): Concrete CMS 9.5.0 and below is vulnerable to authorization bypass in Calendar Block since action_get_events does not check canView on the calendar
CVE-2025-41404 (MEDIUM, EPSS 0.2%): Direct request ('Forced Browsing') issue exists in iroha Board versions v0.10.12 and earlier. If this vulnerability is exploited, non-public...
CVE-2026-11986 (MEDIUM, EPSS 0.2%): Keycloak-rest-admin-ui-ext: authorization bypass vulnerability in the admin-ui-ext bulk role-mapping-delete endpoints of keycloak