Vulnerabilities of type CWE-863
2111 results

CVE-2026-44374 | MEDIUM | Backstage: Catalog unprocessed read endpoints allow authenticated cross-owner data access without permission checks | EPSS 0.2%
CVE-2024-12247 | MEDIUM | Improper propagation of permission scheme updates across cluster nodes | EPSS 0.2%
CVE-2025-47871 | MEDIUM | Mattermost Playbooks exposes private channel metadata to unauthorized users via run metadata API | EPSS 0.2%
CVE-2023-28714 | HIGH | Improper access control in firmware for some Intel(R) PROSet/Wireless WiFi software for Windows before version 22.220 HF (Hot Fix) may allow | EPSS 0.2%
CVE-2025-43397 | MEDIUM | A permissions issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS T | EPSS 0.2%
CVE-2026-52795 | MEDIUM | Gogs: Authorization Bypass in Watch API allows any user to monitor private repository activity | EPSS 0.2%
CVE-2026-45009 | MEDIUM | phpMyFAQ - Insufficient Authorization Check in Admin API Endpoints | EPSS 0.2%
CVE-2026-28723 | MEDIUM | Unauthorized report deletion due to insufficient access control. The following products are affected: Acronis Cyber Protect 17 (Linux, Windo | EPSS 0.2%
CVE-2026-28864 | LOW | This issue was addressed with improved permissions checking. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, | EPSS 0.2%
CVE-2024-21120 | MEDIUM | Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Core). Supported versions that | EPSS 0.2%
CVE-2022-29871 | MEDIUM | Improper access control in the Intel(R) CSME software installer before version 2239.3.7.0 may allow an authenticated user to potentially ena | EPSS 0.2%
CVE-2026-47777 | HIGH | Mastodon has a consent-check bypass in its remote Collections | EPSS 0.2%
CVE-2025-13324 | LOW | Lack of Invalidation of Legacy Remote Cluster Invite Tokens After Confirmation | EPSS 0.2%
CVE-2026-2386 | MEDIUM | The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce <= 6.4.7 - Incorrect Authorization to Authenticated (Author+) Arbitrary Draft Post Creation via 'post_type' | EPSS 0.2%
CVE-2026-28720 | MEDIUM | Unauthorized modification of settings due to insufficient authorization checks. The following products are affected: Acronis Cyber Protect 1 | EPSS 0.2%
CVE-2026-28719 | MEDIUM | Unauthorized resource manipulation due to improper authorization checks. The following products are affected: Acronis Cyber Protect 17 (Linu | EPSS 0.2%
CVE-2026-33869 | MEDIUM | Mastodon has a denial of service for quote authorization | EPSS 0.2%
CVE-2026-53835 | LOW | OpenClaw < 2026.5.6 - Config-Write Enforcement Bypass in Feishu Dynamic-Agent Bindings | EPSS 0.2%
CVE-2026-44473 | HIGH | Ella Core: UE Downlink Redirection via Forged PDUSessionResourceSetupResponse | EPSS 0.2%
CVE-2025-64746 | MEDIUM | Directus has Improper Permission Handling on Deleted Fields | EPSS 0.2%