Vulnerabilities of type CWE-863
2080 results

CVE-2025-32462 | LOW | Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to e | EPSS 3.2%
CVE-2023-33254 | MEDIUM | There is an LDAP bind credentials exposure on KACE Systems Deployment and Remote Site appliances 9.0.146. The captured credentials may provi | EPSS 3.2%
CVE-2021-21013 | HIGH | Magento Commerce Insecure Direct Object Reference Could Lead To Information Disclosure | EPSS 3.2%
CVE-2026-28227 | LOW | Discourse Vulnerable to Unauthorized Topic Creation in Staff-Only Categories via Topic Timer publish_to_category | EPSS 3.1%
CVE-2022-21141 | CRITICAL | Airspan Networks Mimosa Incorrect Authorization | EPSS 3.0%
CVE-2019-14995 | — | The /rest/api/1.0/render resource in Jira before version 8.4.0 allows remote anonymous attackers to determine if an attachment with a specif | EPSS 3.0%
CVE-2021-24947 | — | RVM - Responsive Vector Maps < 6.4.2 - Subscriber+ Arbitrary File Read | EPSS 3.0%
CVE-2022-30309 | CRITICAL | FESTO: CECC-X-M1 and Servo Press Kit YJKP OS Command Injection vulnerability | EPSS 3.0%
CVE-2023-34197 | — | Zoho ManageEngine ServiceDesk Plus before 14202, ServiceDesk Plus MSP before 14300, and SupportCenter Plus before 14300 have a privilege esc | EPSS 3.0%
CVE-2024-23653 | CRITICAL | BuildKit interactive containers API does not validate entitlements check | EPSS 3.0%
CVE-2022-30311 | CRITICAL | FESTO: CECC-X-M1 and Servo Press Kit YJKP OS Command Injection vulnerability | EPSS 2.8%
CVE-2019-8445 | — | Several worklog rest resources in Jira before version 7.13.7, and from version 8.0.0 before version 8.3.2 allow remote attackers to view wor | EPSS 2.7%
CVE-2022-24778 | HIGH | Incorrect Authorization in imgcrypt | EPSS 2.7%
CVE-2022-30308 | CRITICAL | FESTO: CECC-X-M1 and Servo Press Kit YJKP OS Command Injection vulnerability | EPSS 2.7%
CVE-2025-44824 | HIGH | Nagios Log Server before 2024R1.3.2 allows authenticated users (with read-only API access) to stop the Elasticsearch service via a /nagioslo | EPSS 2.7%
CVE-2021-29439 | HIGH | Plugins can be installed with minimal admin privileges | EPSS 2.6%
CVE-2024-55633 | HIGH | Apache Superset: SQLLab Improper readonly query validation allows unauthorized write access | EPSS 2.6%
CVE-2025-23419 | MEDIUM | TLS Session Resumption Vulnerability | EPSS 2.6%
CVE-2023-40315 | MEDIUM | ROLE_FILESYSTEM_EDITOR Can Be Used To Escalate To ROLE_ADMIN | EPSS 2.5%
CVE-2022-30310 | CRITICAL | FESTO: CECC-X-M1 and Servo Press Kit YJKP OS Command Injection vulnerability | EPSS 2.5%