Flaws of type CWE-863

2102 results
CVE-2026-35596 | MEDIUM | Vikunja has Broken Access Control on Label Read via SQL Operator Precedence Bug | EPSS 0.3%
CVE-2025-67856 | MEDIUM | Moodle: moodle: privilege escalation via incomplete role checks in badge awarding | EPSS 0.3%
CVE-2024-34130 | MEDIUM | Acrobat Android : OverSecured Finding : Access to arbitrary* content providers via insecure Intent configuration | EPSS 0.3%
CVE-2026-35619 | MEDIUM | OpenClaw < 2026.3.24 - Authorization Bypass via HTTP /v1/models Endpoint | EPSS 0.3%
CVE-2025-58052 | LOW | Galette has groups managers access control bypass on Members | EPSS 0.3%
CVE-2025-24526 | MEDIUM | Channel export permitted on archived channel when viewing archived channels is disabled | EPSS 0.3%
CVE-2025-48445 | HIGH | Commerce Eurobank (Redirect) - Moderately critical - Access bypass - SA-CONTRIB-2025-066 | EPSS 0.3%
CVE-2025-48446 | HIGH | Commerce Alphabank Redirect - Moderately critical - Access bypass - SA-CONTRIB-2025-067 | EPSS 0.3%
CVE-2026-44633 | HIGH | Live Helper Chat: REST API chat update accepts arbitrary chat fields across department boundaries | EPSS 0.3%
CVE-2026-44735 | MEDIUM | OpenProject: Shares API Information Disclosure | EPSS 0.3%
CVE-2025-59449 | MEDIUM | The YoSmart YoLink MQTT broker through 2025-10-02 does not enforce sufficient authorization controls to prevent cross-account attacks, allow | EPSS 0.3%
CVE-2026-46717 | HIGH | Nezha Monitoring: RoleMember-reachable SSRF with full response-body reflection via POST /api/v1/notification | EPSS 0.3%
CVE-2026-32597 | HIGH | PyJWT accepts unknown `crit` header extensions (RFC 7515 §4.1.11 MUST violation) | EPSS 0.3%
CVE-2020-1729 | A flaw was found in SmallRye's API through version 1.6.1. The API can allow other code running within the application server to potentially | EPSS 0.3%
CVE-2025-49145 | HIGH | iTop admin can drop iTop database using webhooks | EPSS 0.3%
CVE-2026-4857 | HIGH | SailPoint IdentityIQ Debug UI Incorrect Authorization | EPSS 0.3%
CVE-2026-25811 | MEDIUM | PlaciPy Email Domain Trust Enables Cross-Tenant Data Access (Multi-Tenant Isolation Failure) | EPSS 0.3%
CVE-2020-36623 | MEDIUM | Pengu index.js runApp cross-site request forgery | EPSS 0.3%
CVE-2023-52538 | CRITICAL | Vulnerability of package name verification being bypassed in the HwIms module. Impact: Successful exploitation of this vulnerability will af | EPSS 0.3%
CVE-2025-22449 | LOW | Access control flaw for team admins allows unauthorized team additions | EPSS 0.3%