Vulnerabilities of type CWE-863

2110 results
CVE-2021-20290: An improper authorization handling flaw was found in Foreman. The OpenSCAP plugin for the smart-proxy allows foreman clients to execute acti (EPSS 0.2%)
CVE-2025-1540 [LOW]: Incorrect Authorization in GitLab (EPSS 0.2%)
CVE-2026-54398 [MEDIUM]: MISP object edit authorization bypass allows unauthorized sharing group assignment (EPSS 0.2%)
CVE-2025-27089 [MEDIUM]: Overlapping policies allow update to non-allowed fields in directus (EPSS 0.2%)
CVE-2026-44564 [MEDIUM]: Open WebUI: Read-Only Users Can Modify Collaborative Documents via Socket.IO (EPSS 0.2%)
CVE-2026-40071 [MEDIUM]: pyLoad WebUI JSON permission mismatch lets ADD/DELETE users invoke MODIFY-only actions (EPSS 0.2%)
CVE-2025-24920 [MEDIUM]: Unauthorized Bookmark Creation and Modification in Archived Channels (EPSS 0.2%)
CVE-2025-27571 [MEDIUM]: Channel metadata visible in archived channels despite configuration setting (EPSS 0.2%)
CVE-2026-4265 [MEDIUM]: Guest user can upload files without permission across teams (EPSS 0.2%)
CVE-2025-24121 [LOW]: A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3. An a (EPSS 0.2%)
CVE-2026-45316 [LOW]: Open WebUI: Read-Only Users Can Toggle Note Pin Status via Incorrect Permission Check (Write via Read-Only Access) (EPSS 0.2%)
CVE-2025-66378 [MEDIUM]: Pexip Infinity 38.0 and 38.1 before 39.0 has insufficient access control in the RTMP implementation, allowing an attacker to disconnect RTMP (EPSS 0.2%)
CVE-2025-24114 [MEDIUM]: A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventur (EPSS 0.2%)
CVE-2025-43904 [MEDIUM]: In SchedMD Slurm before 24.11.5, 24.05.8, and 23.11.11, the accounting system can allow a Coordinator to promote a user to Administrator. (EPSS 0.2%)
CVE-2026-33424 [MEDIUM]: PM access granted through invites after access revocation (EPSS 0.2%)
CVE-2024-44247 [MEDIUM]: The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1. A malici (EPSS 0.2%)
CVE-2024-2378 [HIGH]: A vulnerability exists in the web-authentication component of the SDM600. If exploited an attacker could escalate privileges on affected in (EPSS 0.2%)
CVE-2025-15023 [HIGH]: Improper Access Control in Yordam Informatics' Library Automation System (EPSS 0.2%)
CVE-2025-68660 [MEDIUM]: Discourse AI Discover's continue conversation allows threat actor to impersonate user (EPSS 0.2%)
CVE-2026-48776 [MEDIUM]: LangGraph SDK has unsafe URL path construction (EPSS 0.2%)