Vulnerabilities of type CWE-863

2102 results
CVE-2026-2208 | MEDIUM | WeKan Rules rules.js RulesBleed authorization | EPSS 0.2%
CVE-2023-27903 | MEDIUM | Jenkins 2.393 and earlier, LTS 2.375.3 and earlier creates a temporary file in the default temporary directory with the default permissions | EPSS 0.2%
CVE-2026-33726 | MEDIUM | Cilium L7 proxy may bypass Kubernetes NetworkPolicy for same-node traffic | EPSS 0.2%
CVE-2025-15322 | MEDIUM | Tanium addressed an improper access controls vulnerability in Tanium Server. | EPSS 0.2%
CVE-2025-26532 | LOW | Teachers can evade trusttext config when restoring glossary entries | EPSS 0.2%
CVE-2026-22624 | MEDIUM | Due to inadequate access control, authenticated users of certain HIKSEMI NAS products can manipulate other users' file resources without pro | EPSS 0.2%
CVE-2024-4811 | LOW | In affected versions of Octopus Server under certain conditions, a user with specific role assignments can access restricted project artifac | EPSS 0.2%
CVE-2025-12555 | MEDIUM | Incorrect Authorization in GitLab | EPSS 0.2%
CVE-2026-41379 | HIGH | OpenClaw < 2026.3.28 - Privilege Escalation via chat.send to Admin-Class Talk Voice Config | EPSS 0.2%
CVE-2025-59048 | HIGH | OpenBao AWS Plugin Vulnerable to Cross-Account IAM Role Impersonation in AWS Auth Method | EPSS 0.2%
CVE-2025-7736 | LOW | Incorrect Authorization in GitLab | EPSS 0.2%
CVE-2021-3457 | | An improper authorization handling flaw was found in Foreman. The Shellhooks plugin for the smart-proxy allows Foreman clients to execute ac | EPSS 0.2%
CVE-2025-13753 | MEDIUM | WP Table Builder <= 2.0.19 - Incorrect Authorization to Authenticated (Subscriber+) Arbitrary Table Creation | EPSS 0.2%
CVE-2024-44114 | LOW | Missing Authorization check in SAP NetWeaver Application Server for ABAP and ABAP Platform | EPSS 0.2%
CVE-2025-52918 | MEDIUM | Yealink RPS before 2025-05-26 does not prevent OpenAPI access by frozen enterprise accounts, allowing unauthorized access to deactivated int | EPSS 0.2%
CVE-2026-33650 | HIGH | AVideo's Video Moderator Privilege Escalation via Ownership Transfer Enables Arbitrary Video Deletion | EPSS 0.2%
CVE-2024-12862 | MEDIUM | REST API allows users without permissions to remove external collaborators | EPSS 0.2%
CVE-2025-46544 | MEDIUM | In Sherpa Orchestrator 141851, a low-privileged user can elevate their privileges by creating new users and roles. | EPSS 0.2%
CVE-2025-3609 | MEDIUM | Reales WP STPT <= 2.1.2 - Unauthorized User Registration | EPSS 0.2%
CVE-2026-26265 | HIGH | Discourse has IDOR vulnerability in the directory items endpoint | EPSS 0.2%