Flaws of type CWE-863
2102 results

CVE-2025-65900 [MEDIUM] Kalmia CMS version 0.2.0 contains an Incorrect Access Control vulnerability in the /kal-api/auth/users API endpoint. Due to insufficient per (EPSS 0.3%)
CVE-2026-47120 [HIGH] Nezha Monitoring: RoleMember can fire other users' cron tasks via AlertRule.FailTriggerTasks (no ownership check) (EPSS 0.3%)
CVE-2025-24460 [MEDIUM] In JetBrains TeamCity before 2024.12.1 improper access control allowed to see Projects’ names in the agent pool (EPSS 0.3%)
CVE-2024-10306 [MEDIUM] Mod_proxy_cluster: mod_proxy_cluster unauthorized mcmp requests (EPSS 0.3%)
CVE-2026-10741 [MEDIUM] Nexus Repository Manager - Incorrect Authorization allows credential disclosure via proxy repository configuration (EPSS 0.3%)
CVE-2026-4263 [MEDIUM] Incorrect authorization in HiJiffy Chatbot (EPSS 0.3%)
CVE-2025-62795 [HIGH] JumpServer Unauthorized LDAP Configuration Access via WebSocket (EPSS 0.3%)
CVE-2024-41941 [MEDIUM] A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application does not properly enforce authorization che (EPSS 0.3%)
CVE-2026-33722 [HIGH] n8n Has External Secrets Authorization Bypass in Credential Saving (EPSS 0.3%)
CVE-2026-53855 [HIGH] OpenClaw < 2026.4.2 - Shell Positional Parameters Bypass in Inline-Eval Checks (EPSS 0.3%)
CVE-2026-33217 [HIGH] NATS allows MQTT clients to bypass ACL checks (EPSS 0.3%)
CVE-2026-46366 [HIGH] phpMyFAQ - Unauthenticated Information Disclosure via getIdFromSolutionId Permission Bypass (EPSS 0.3%)
CVE-2026-41432 [HIGH] New API: Stripe Webhook Signature Bypass via Empty Secret Enables Unlimited Quota Fraud (EPSS 0.3%)
CVE-2025-36578 [MEDIUM] Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Incorrect Authorization vulnerability. A low privileged attacker with remo (EPSS 0.3%)
CVE-2025-2045 [MEDIUM] Incorrect Authorization in GitLab (EPSS 0.3%)
CVE-2026-24724 [MEDIUM] File Station 5 (EPSS 0.3%)
CVE-2025-24866 [LOW] Unauthorized Access to User Activity Logs API by delegated granular administration roles (EPSS 0.3%)
CVE-2026-1514 [HIGH] 2100 Technology|Official Document Management System - Incorrect Authorization (EPSS 0.3%)
CVE-2026-42431 [HIGH] OpenClaw < 2026.4.8 - Persistent Profile Mutation via node.invoke(browser.proxy) Bypass (EPSS 0.3%)
CVE-2026-42070 [MEDIUM] MantisBT: Authorization Bypass in Bugnote Editing via Issue Update API (EPSS 0.3%)