Flaws of type CWE-863

2101 results
CVE-2024-50419 | MEDIUM | WordPress Greenshift plugin <=9.7 - Broken Access Control vulnerability | EPSS 0.3%
CVE-2025-30741 | MEDIUM | Pixelfed before 0.12.5 allows anyone to follow private accounts and see private posts on other Fediverse servers. This affects users elsewhe | EPSS 0.3%
CVE-2025-30179 | MEDIUM | MFA Enforcement Bypass in Search APIs | EPSS 0.3%
CVE-2025-48881 | HIGH | Valtimo backend libraries allows objects in the object-api to be accessed and modified by unauthorized users | EPSS 0.3%
CVE-2025-30739 | MEDIUM | Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that a | EPSS 0.3%
CVE-2024-6512 | MEDIUM | Authorization bypass in the PAM access request approval mechanism in Devolutions Server 2024.2.10 and earlier allows authenticated users wit | EPSS 0.3%
CVE-2024-7836 | MEDIUM | Themify Builder <= 7.6.1 - Missing Authorization to Authenticated (Contributor+) Post Duplication | EPSS 0.3%
CVE-2024-6979 | MEDIUM | Amin Aliakbari, member of the AXIS OS Bug Bounty Program, has found a broken access control which would lead to less-privileged operator- an | EPSS 0.3%
CVE-2026-24428 | HIGH | Tenda W30E V2 Incorrect Authorization Allows Administrator Password Change | EPSS 0.3%
CVE-2026-42610 | MEDIUM | Grav: Sensitive Information Disclosure via Accounts Service Bypass | EPSS 0.3%
CVE-2025-11438 | MEDIUM | JhumanJ OpnForm API Endpoint custom-domains authorization | EPSS 0.3%
CVE-2026-48501 | HIGH | GitHub CLI tokens leak via `gh attestation` commands | EPSS 0.3%
CVE-2025-14081 | MEDIUM | Ultimate Member <= 2.11.0 - Authenticated (Subscriber+) Profile Privacy Setting Bypass | EPSS 0.3%
CVE-2025-24397 | MEDIUM | An incorrect permission check in Jenkins GitLab Plugin 1.9.6 and earlier allows attackers with global Item/Configure permission (while lacki | EPSS 0.3%
CVE-2026-44110 | HIGH | OpenClaw < 2026.4.15 - Authorization Bypass in Matrix Room Control Commands via DM Pairing Store | EPSS 0.3%
CVE-2026-25875 | CRITICAL | PlaciPy Admin Privilege Escalation via Trusted JWT Claims | EPSS 0.3%
CVE-2026-32972 | HIGH | OpenClaw < 2026.3.11 - Authorization Bypass in Browser Profile Management via browser.request | EPSS 0.3%
CVE-2024-31403 | MEDIUM | Incorrect authorization vulnerability in Cybozu Garoon 5.0.0 to 6.0.0 allows a remote authenticated attacker to alter and/or obtain the data | EPSS 0.3%
CVE-2026-29044 | MEDIUM | EVerest: Charging Continues When WithdrawAuthorization Is Processed Before TransactionStarted | EPSS 0.3%
CVE-2026-27803 | HIGH | Vaultwarden: Collection Management Operations Allowed Without `manage` Verification for Manager Role | EPSS 0.3%