Fallos del tipo CWE-863

2080 resultados
CVE-2022-23452An authorization flaw was found in openstack-barbican, where anyone with an admin role could add secrets to a different project container. TEPSS 1.0%CVE-2021-24379Comments Like Dislike < 1.1.4 - Add Like/Dislike BypassEPSS 1.0%CVE-2022-23627MEDIUMInadequate access verification when using proxy commands in ArchiSteamFarm EPSS 1.0%CVE-2023-36091CRITICALAuthentication Bypass vulnerability in D-Link DIR-895 FW102b07 allows remote attackers to gain escalated privileges via via function phpcgi_EPSS 1.0%CVE-2021-43560A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. Insufficient capabiliEPSS 1.0%CVE-2025-27696MEDIUMApache Superset: Incorrect authorization leading to resource ownership takeoverEPSS 1.0%CVE-2023-7322HIGHNagios Log Server < 2024R1 Incorrect Authorization Granting Full API AccessEPSS 1.0%CVE-2022-23451An authorization flaw was found in openstack-barbican. The default policy rules for the secret metadata API allowed any authenticated user tEPSS 1.0%CVE-2025-21502MEDIUMVulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: HotspotEPSS 1.0%CVE-2025-6018HIGHPam-config: lpe from unprivileged to allow_active in pamEPSS 1.0%CVE-2019-6855Incorrect Authorization vulnerability exists in EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions), MEPSS 1.0%CVE-2023-31704Sourcecodester Online Computer and Laptop Store 1.0 is vulnerable to Incorrect Access Control, which allows remote attackers to elevate privEPSS 0.9%CVE-2021-32779HIGHIncorrectly handling of URI '#fragment' element as part of the path elementEPSS 0.9%CVE-2022-21707MEDIUMIncorrect Authorization in wasmCloudEPSS 0.9%CVE-2024-42062HIGHApache CloudStack: User Key Exposure to Domain AdminsEPSS 0.9%CVE-2021-32163CRITICALAuthentication vulnerability in MOSN v.0.23.0 allows attacker to escalate privileges via case-sensitive JWT authorization.EPSS 0.9%CVE-2023-49734HIGHApache Superset: Privilege Escalation VulnerabilityEPSS 0.9%CVE-2023-45626MEDIUMAn authenticated vulnerability has been identified allowing an attacker to effectively establish highly privileged persistent arbitrary codeEPSS 0.9%CVE-2020-25239A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0). The webserver could allow unauthorized actions viEPSS 0.9%CVE-2021-24244WPBakery Page Builder Clipboard < 4.5.8 - Unauthorised Arbitrary License Options UpdateEPSS 0.9%