Flaws of type CWE-863
2102 results

CVE-2024-49209 | MEDIUM | Archer Platform 2024.03 before version 2024.09 is affected by an API authorization bypass vulnerability related to supporting application fi | EPSS 0.3%
CVE-2025-68940 | LOW | In Gitea before 1.22.5, branch deletion permissions are not adequately enforced after merging a pull request. | EPSS 0.3%
CVE-2026-32914 | HIGH | OpenClaw < 2026.3.12 - Insufficient Access Control in /config and /debug Endpoints | EPSS 0.3%
CVE-2026-25767 | HIGH | LavinMQ has incomplete shovel configuration validation | EPSS 0.3%
CVE-2025-20300 | MEDIUM | Improper Access Control Lets Low-Privilege Users Suppress Read-Only Alerts in Splunk Enterprise | EPSS 0.3%
CVE-2022-23822 | — | In this physical attack, an attacker may potentially exploit the Zynq-7000 SoC First Stage Boot Loader (FSBL) by bypassing authentication an | EPSS 0.3%
CVE-2025-6003 | MEDIUM | WordPress Single Sign-On (SSO) - Multiple Versions - Incorrect Authorization to Sensitive Information Exposure | EPSS 0.3%
CVE-2023-0971 | CRITICAL | Command Authentication Bypass in Z/IP Gateway | EPSS 0.3%
CVE-2026-32245 | MEDIUM | Tinyauth's OIDC authorization codes are not bound to client on token exchange | EPSS 0.3%
CVE-2026-44838 | MEDIUM | RabbitMQ MQTT Topic Permission Authorization Bypass | EPSS 0.3%
CVE-2025-32068 | MEDIUM | Revoking authorization of OAuth2 consumer does not invalidate refresh tokens | EPSS 0.3%
CVE-2026-54321 | HIGH | Daytona: Public sandbox previews remain accessible for up to one hour after being made private | EPSS 0.2%
CVE-2025-21557 | MEDIUM | Vulnerability in Oracle Application Express (component: General). Supported versions that are affected are 23.2 and 24.1. Easily exploitab | EPSS 0.2%
CVE-2026-57953 | MEDIUM | Mythic < 3.4.0.60 - Unauthorized Automation Workflow Modification via eventing_import_automatic_webhook Endpoint | EPSS 0.2%
CVE-2024-0160 | MEDIUM | Dell Client Platform contains an incorrect authorization vulnerability. An attacker with physical access to the system could potentially exp | EPSS 0.2%
CVE-2025-25026 | MEDIUM | IBM Security Guardium information disclosure | EPSS 0.2%
CVE-2026-44394 | MEDIUM | An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone federated token rescoping mechanism does not propagate the origina | EPSS 0.2%
CVE-2024-47272 | LOW | Incorrect authorization vulnerability in IO Module functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows r | EPSS 0.2%
CVE-2026-42160 | CRITICAL | Data Space Portal: Incorrect Authorization and Client-Side Enforcement of Server-Side Security in ghcr.io/sovity/ds-portal-ce-backend | EPSS 0.2%
CVE-2026-53738 | HIGH | Copy & Delete Posts through 1.5.4 Privilege Escalation via cdp_action_handling Handler | EPSS 0.2%