Vulnerabilities of type CWE-862

6730 results
CVE-2022-0588 [HIGH] Missing Authorization in librenms/librenms (EPSS 1.1%)
CVE-2023-30581 [HIGH] The use of __proto__ in process.mainModule.__proto__.require() can bypass the policy mechanism and require modules outside of the policy.jso (EPSS 1.1%)
CVE-2021-36225 [HIGH] Western Digital My Cloud devices before OS5 allow REST API access by low-privileged accounts, as demonstrated by API commands for firmware u (EPSS 1.0%)
CVE-2018-10866 It was discovered that the /configuration view of redhat-certification 7 does not perform an authorization check and it allows an unauthenti (EPSS 1.0%)
CVE-2024-55879 [CRITICAL] XWiki allows RCE from script right in configurable sections (EPSS 1.0%)
CVE-2024-30485 [HIGH] WordPress Finale Lite plugin <= 2.18.0 - Subscriber+ Arbitrary Plugin Installation/Activation vulnerability (EPSS 1.0%)
CVE-2018-10865 It was discovered that the /configuration view of redhat-certification 7 does not perform an authorization check and it allows an unauthenti (EPSS 1.0%)
CVE-2026-41315 [CRITICAL] mdserver-web: Missing Authorization and Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (EPSS 1.0%)
CVE-2025-11580 [MEDIUM] PowerJob list authorization (EPSS 1.0%)
CVE-2023-1337 [MEDIUM] RapidLoad Power-Up for Autoptimize <= 1.7.1 - Missing Authorization in 'clear_uucss_logs' (EPSS 1.0%)
CVE-2025-27505 [MEDIUM] GeoServer Missing Authorization on REST API Index (EPSS 1.0%)
CVE-2022-41272 [CRITICAL] An unauthenticated attacker over the network can attach to an open interface exposed through JNDI by the User Defined Search (UDS) of SAP Ne (EPSS 1.0%)
CVE-2021-4357 [CRITICAL] uListing <= 1.6.6 - Unauthenticated Arbitrary Post/Page Deletion (EPSS 1.0%)
CVE-2024-6806 [CRITICAL] Missing Authorization Checks In NI VeriStand Gateway For Project Resources (EPSS 1.0%)
CVE-2022-0579 [MEDIUM] Missing Authorization in snipe/snipe-it (EPSS 1.0%)
CVE-2022-1245 A privilege escalation flaw was found in the token exchange feature of keycloak. Missing authorization allows a client application holding a (EPSS 1.0%)
CVE-2023-22701 [HIGH] WordPress Ebook Store plugin <= 5.775 - Broken Authentication vulnerability (EPSS 1.0%)
CVE-2024-23752 [CRITICAL] GenerateSDFPipeline in synthetic_dataframe in PandasAI (aka pandas-ai) through 1.5.17 allows attackers to trigger the generation of arbitrar (EPSS 1.0%)
CVE-2022-22111 [HIGH] DayByDay CRM - Missing Authorization when Changing Password (EPSS 1.0%)
CVE-2022-0932 [MEDIUM] Missing Authorization in saleor/saleor (EPSS 1.0%)