CWE-863 vulnerabilities
2093 results

CVE-2024-28229  MEDIUM  EPSS 0.5%
In JetBrains YouTrack before 2024.1.25893 user without appropriate permissions could restore issues and articles

CVE-2022-42975  HIGH  EPSS 0.5%
socket/transport.ex in Phoenix before 1.6.14 mishandles check_origin wildcarding. NOTE: LiveView applications are unaffected by default beca

CVE-2022-0984  —  EPSS 0.5%
Users with the capability to configure badge criteria (teachers and managers by default) were able to configure course badges with profile f

CVE-2026-47102  HIGH  EPSS 0.5%
LiteLLM < 1.83.10 Privilege Escalation via User Update

CVE-2025-50086  MEDIUM  EPSS 0.5%
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected ar

CVE-2025-50084  MEDIUM  EPSS 0.5%
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.

CVE-2023-27384  —  EPSS 0.5%
Operation restriction bypass vulnerability in MultiReport of Cybozu Garoon 5.15.0 allows a remote authenticated attacker to alter the data o

CVE-2022-3188  MEDIUM  EPSS 0.5%
Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where unauthenticated users could open PHP index pages withou

CVE-2022-39275  MEDIUM  EPSS 0.5%
Improper object type validation in saleor

CVE-2024-57683  MEDIUM  EPSS 0.5%
An access control issue in the component websURLFilterAddDel of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to s

CVE-2023-32060  MEDIUM  EPSS 0.5%
DHIS2 Core Improper Access Control with Category Option Combination sharing in /api/trackedEntityInstance and /api/events

CVE-2023-1779  MEDIUM  EPSS 0.5%
Helmholz and MB Connect Line: Account takeover via password reset in multiple products

CVE-2024-45160  CRITICAL  EPSS 0.5%
Incorrect credential validation in LemonLDAP::NG 2.18.x and 2.19.x before 2.19.2 allows attackers to bypass OAuth2 client authentication via

CVE-2021-30205  —  EPSS 0.5%
Incorrect access control in the component /index.php?mod=system&op=orgtree of dzzoffice 2.02.1_SC_UTF8 allows unauthenticated attackers to b

CVE-2021-21367  MEDIUM  EPSS 0.5%
Incorrect Authorization in switchboard-plug-bluetooth

CVE-2024-4390  MEDIUM  EPSS 0.5%
Depicter <= 3.0.2 - Authenticated (Contributor+) Arbitrary Nonce Generation

CVE-2024-5817  MEDIUM  EPSS 0.5%
Improper authorization allows read access to issue content in GitHub Enterprise Server

CVE-2025-24420  MEDIUM  EPSS 0.5%
Adobe Commerce | Incorrect Authorization (CWE-863)

CVE-2025-24419  MEDIUM  EPSS 0.5%
Adobe Commerce | Incorrect Authorization (CWE-863)

CVE-2022-30358  HIGH  EPSS 0.5%
OvalEdge 5.2.8.0 and earlier is affected by an Account Takeover vulnerability via a POST request to /user/updatePassword via the userId and