CWE-863 type flaws

2098 results
CVE-2025-27236 [LOW] User information disclosure via api_jsonrpc.php on method user.get with param search (EPSS 0.4%)
CVE-2026-21297 [MEDIUM] Adobe Commerce | Incorrect Authorization (CWE-863) (EPSS 0.4%)
CVE-2026-42843 [HIGH] grav-plugin-api: Grav API Privilege Escalation to Super Admin (EPSS 0.4%)
CVE-2024-3388 [MEDIUM] PAN-OS: User Impersonation in GlobalProtect SSL VPN (EPSS 0.3%)
CVE-2025-68938 [MEDIUM] Gitea before 1.25.2 mishandles authorization for deletion of releases. (EPSS 0.3%)
CVE-2026-23984 [HIGH] Apache Superset: SQLLab Read-Only Bypass on PostgreSQL (EPSS 0.3%)
CVE-2025-9572 [MEDIUM] Foreman: satellite: graphql api permission bypass leads to information disclosure (EPSS 0.3%)
CVE-2024-39328 [MEDIUM] Insecure Permissions in Atos Eviden IDRA and IDCA before 2.7.0. A highly trusted role (Config Admin) could exceed their configuration privil (EPSS 0.3%)
CVE-2026-8046 [HIGH] Incorrect Authorization in CODESYS Control (EPSS 0.3%)
CVE-2026-28392 [HIGH] OpenClaw < 2026.2.14 - Privilege Escalation in Slack Slash Command Handler via Direct Messages (EPSS 0.3%)
CVE-2026-53853 [HIGH] OpenClaw < 2026.5.12 - Argument Pattern Bypass in Exec Allowlist via Linux and macOS (EPSS 0.3%)
CVE-2026-42434 [HIGH] OpenClaw 2026.4.5 < 2026.4.10 - Sandbox Escape via host Parameter Override in Exec Routing (EPSS 0.3%)
CVE-2026-30368 [MEDIUM] A client-side authorization flaw in Lightspeed Classroom v5.1.2.1763770643 allows unauthenticated attackers to impersonate users by bypassin (EPSS 0.3%)
CVE-2026-34512 [HIGH] OpenClaw < 2026.3.25 - Improper Access Control in /sessions/:sessionKey/kill Endpoint (EPSS 0.3%)
CVE-2026-2126 [MEDIUM] User Submitted Posts <= 20260113 - Incorrect Authorization to Unauthenticated Category Restriction Bypass via 'user-submitted-category' Parameter (EPSS 0.3%)
CVE-2025-48475 [MEDIUM] FreeScout Vulnerable to Insufficient Authorization (EPSS 0.3%)
CVE-2025-15390 [MEDIUM] PHPGurukul Small CRM edit-user.php authorization (EPSS 0.3%)
CVE-2026-44221 [CRITICAL] ArcadeDB: Cross-database authorization bypass and unsecured newly-created databases (EPSS 0.3%)
CVE-2026-45426 [LOW] Apache Airflow: Log server JWT authorization bypass via Python lstrip() character stripping allows cross-Dag log access (EPSS 0.3%)
CVE-2025-40619 [CRITICAL] Improper access control vulnerability in Bookgy (EPSS 0.3%)