Vulnerabilities of type CWE-863
2100 results

CVE-2026-32811 [HIGH] Heimdall: Path received via Envoy gRPC corrupted when containing query string (EPSS 0.3%)
CVE-2026-42220 [MEDIUM] nginx-ui: Authenticated settings disclosure exposes node.secret and enables trusted-node authentication abuse, backup exfiltration, and restore-based nginx-ui state rollback (EPSS 0.3%)
CVE-2024-10953 [MEDIUM] data.all authenticated users can perform mutating update operations on persisted notification records (EPSS 0.3%)
CVE-2026-4639 [HIGH] Galaxy Software Services|Vitals ESP - Incorrect Authorization (EPSS 0.3%)
CVE-2025-11060 [MEDIUM] Surrealdb: surrealdb is vulnerable to unauthorized data exposure via live query subscriptions (EPSS 0.3%)
CVE-2025-27601 [MEDIUM] Umbraco Allows Improper API Access Control to Low-Privilege Users to Data Type Functionality (EPSS 0.3%)
CVE-2026-7387 [HIGH] Mattermost group syncable endpoints allow privilege escalation via scheme_admin (EPSS 0.3%)
CVE-2026-41660 [HIGH] Admidio: Inverted 2FA Reset Authorization Check Lets Group Leaders Strip Admin TOTP (EPSS 0.3%)
CVE-2026-33578 [MEDIUM] OpenClaw < 2026.3.28 - Sender Policy Allowlist Bypass via Policy Downgrade in Google Chat and Zalouser Extensions (EPSS 0.3%)
CVE-2023-3582 [MEDIUM] Lack of channel membership check when linking a board to a channel (EPSS 0.3%)
CVE-2022-48488 [MEDIUM] Vulnerability of bypassing the default desktop security controls. Successful exploitation of this vulnerability may cause unauthorized modifi (EPSS 0.3%)
CVE-2025-26842 [HIGH] An issue was discovered in Znuny through 7.1.3. If access to a ticket is not given, the content of S/MIME encrypted e-mail messages is visib (EPSS 0.3%)
CVE-2024-13270 [MEDIUM] Freelinking - Moderately critical - Information Disclosure - SA-CONTRIB-2024-034 (EPSS 0.3%)
CVE-2025-37736 [HIGH] Elastic Cloud Enterprise Improper Authorization (EPSS 0.3%)
CVE-2023-3584 [LOW] Member can create team with team override scheme (EPSS 0.3%)
CVE-2024-13271 [MEDIUM] Content Entity Clone - Moderately critical - Information Disclosure - SA-CONTRIB-2024-035 (EPSS 0.3%)
CVE-2026-32006 [LOW] OpenClaw < 2026.2.26 - Authorization Bypass via DM Pairing-Store Fallback in Group Allowlist (EPSS 0.3%)
CVE-2026-49299 [MEDIUM] In OpenStack Neutron before 28.0.1, the tagging controller enforces plural policy action names on single-tag write operations while the defi (EPSS 0.3%)
CVE-2026-34586 [MEDIUM] PdfDing: Shared PDF Expiration, Max Views, and Deletion Bypass via Serve/Download Endpoints (EPSS 0.3%)
CVE-2022-37326 [HIGH] Docker Desktop for Windows before 4.6.0 allows attackers to delete (or create) any file through the dockerBackendV2 windowscontainers/start (EPSS 0.3%)