Flaws of type CWE-862

6730 results
| CVE | Severity | Description | EPSS |
|---|---|---|---|
| CVE-2021-4341 | CRITICAL | uListing <= 1.6.6 - Unauthenticated Wordpress Options Changes via AJAX | 1.1% |
| CVE-2023-49620 | | Apache DolphinScheduler: Authenticated users could delete UDFs in resource center they were not authorized for | 1.1% |
| CVE-2024-8349 | HIGH | Uncanny Groups for LearnDash <= 6.1.0.1 - Authenticated (Group Leader+) Privilege Escalation | 1.1% |
| CVE-2022-0919 | | Salon booking system < 7.6.3 - Unauthenticated Sensitive Data Disclosure | 1.1% |
| CVE-2021-31384 | HIGH | Junos OS: SRX Series: Under a specific device configuration an attacker can access the devices J-Web management services from any interface, regardless of security settings protecting the service | 1.1% |
| CVE-2024-6071 | CRITICAL | PTC Creo Elements/Direct License Server Missing Authorization | 1.1% |
| CVE-2021-3814 | | It was found that 3scale's APIdocs does not validate the access token, in the case of invalid token, it uses session auth instead. This conc | 1.1% |
| CVE-2022-23055 | | ERPNext - Improper user access conrol | 1.1% |
| CVE-2025-31182 | CRITICAL | This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sono | 1.1% |
| CVE-2019-3886 | MEDIUM | An incorrect permissions check was discovered in libvirt 4.8.0 and above. The readonly permission was allowed to invoke APIs depending on th | 1.1% |
| CVE-2021-24353 | | Simple 301 Redirects by BetterLinks - 2.0.0 – 2.0.3 - Unauthenticated Redirect Import | 1.1% |
| CVE-2018-7688 | HIGH | Open Build Service accepts arbitrary reviews | 1.1% |
| CVE-2022-4940 | HIGH | WCFM Membership <= 2.10.0 - Missing Authorization | 1.1% |
| CVE-2021-22891 | | A missing authorization vulnerability exists in Citrix ShareFile Storage Zones Controller before 5.7.3, 5.8.3, 5.9.3, 5.10.1 and 5.11.18 may | 1.1% |
| CVE-2022-21660 | HIGH | Missing authorization in gin-vue-admin | 1.1% |
| CVE-2024-38190 | HIGH | Power Platform Information Disclosure Vulnerability | 1.1% |
| CVE-2024-33566 | CRITICAL | WordPress OrderConvo plugin <= 12.4 - Unauthenticated API Access to Arbitrary File Upload vulnerability | 1.1% |
| CVE-2020-25711 | | A flaw was found in infinispan 10 REST API, where authorization permissions are not checked while performing some server management operatio | 1.1% |
| CVE-2023-20252 | CRITICAL | A vulnerability in the Security Assertion Markup Language (SAML) APIs of Cisco Catalyst SD-WAN Manager Software could allow an unauthenticat | 1.1% |
| CVE-2024-37901 | CRITICAL | XWiki Platform vulnerable to remote code execution from account via SearchSuggestConfigSheet | 1.1% |