Flaws of type CWE-863
2093 results

CVE-2024-21280 | HIGH | Vulnerability in the Oracle Service Contracts product of Oracle E-Business Suite (component: Authoring). Supported versions that are affect | EPSS 0.4%
CVE-2025-5187 | MEDIUM | Nodes can delete themselves by adding an OwnerReference | EPSS 0.4%
CVE-2024-28627 | HIGH | An issue in Flipsnack v.18/03/2024 allows a local attacker to obtain sensitive information via the reader.gz.js file. | EPSS 0.4%
CVE-2025-68476 | HIGH | KEDA has Arbitrary File Read via Insufficient Path Validation in HashiCorp Vault Service Account Credential | EPSS 0.4%
CVE-2026-39852 | HIGH | Quarkus authorization bypass via semicolon path normalization inconsistency | EPSS 0.4%
CVE-2024-45586 | CRITICAL | Account Take Over Vulnerability | EPSS 0.4%
CVE-2026-32102 | HIGH | OliveTin Unauthorized Action Output Disclosure via EventStream | EPSS 0.4%
CVE-2024-51425 | HIGH | An issue in the WaterToken smart contract (which can be run on the Ethereum blockchain) allows remote attackers to have an unspecified impac | EPSS 0.4%
CVE-2022-41918 | MEDIUM | Issue with fine-grained access control of indices backing data streams | EPSS 0.4%
CVE-2026-22872 | MEDIUM | Capsule TenantResource RawItems Cluster-Scoped Resource Creation Vulnerability | EPSS 0.4%
CVE-2025-42951 | HIGH | Broken Authorization in SAP Business One (SLD) | EPSS 0.4%
CVE-2024-31134 | MEDIUM | In JetBrains TeamCity before 2024.03 authenticated users without administrative permissions could register other users when self-registratio | EPSS 0.4%
CVE-2026-2712 | MEDIUM | WP-Optimize <= 4.5.0 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update and Image Manipulation | EPSS 0.4%
CVE-2023-4317 | MEDIUM | Incorrect Authorization in GitLab | EPSS 0.4%
CVE-2024-55965 | MEDIUM | An issue was discovered in Appsmith before 1.51. Users invited as "App Viewer" incorrectly have access to development information of a works | EPSS 0.4%
CVE-2026-30947 | HIGH | Parse Server has a bypass of class-level permissions in LiveQuery | EPSS 0.4%
CVE-2022-3819 | LOW | An improper authorization issue in GitLab CE/EE affecting all versions from 15.0 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15 | EPSS 0.4%
CVE-2026-32228 | HIGH | Apache Airflow: Users with asset materialization permissions could trigger Dags they had no access to | EPSS 0.4%
CVE-2025-50085 | MEDIUM | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.42, 8.4.0 | EPSS 0.4%
CVE-2024-39324 | LOW | aimeos/ai-admin-graphql improper access control vulnerability allows editors to manage own services | EPSS 0.4%