Falhas do tipo CWE-266
949 resultadosCVE-2025-31524HIGHWordPress WP User Profiles plugin <= 2.6.2 - Privilege Escalation vulnerabilityEPSS 0.3%CVE-2026-3263MEDIUMgo2ismail Asp.Net-Core-Inventory-Order-Management-System Security API improper authorizationEPSS 0.3%CVE-2025-10291MEDIUMlinlinjava litemall cancel WxAftersaleController improper authorizationEPSS 0.3%CVE-2025-13807MEDIUMorionsec orion-ops API MachineKeyController.java MachineKeyController improper authorizationEPSS 0.3%CVE-2026-33519CRITICALIncorrect privilege assignment in Portal for ArcGISEPSS 0.3%CVE-2025-4493MEDIUMImproper privilege assignment in PAM JIT privilege sets in Devolutions
Server allows a PAM user to perform PAM JIT
requests on unauthorizeEPSS 0.3%CVE-2026-10255MEDIUMSourceCodester Pharmacy Sales and Inventory System ShowForm.php sell_statement access controlEPSS 0.3%CVE-2025-67279MEDIUMAn issue in TIM Solution GmbH TIM BPM Suite & TIM FLOW before v.9.1.2 allows a remote attacker to escalate privileges via the application stEPSS 0.3%CVE-2025-10038MEDIUMBinary MLM Plan <= 3.0 - Unauthenticated Limited Privilege EscalationEPSS 0.3%CVE-2026-8752MEDIUMh2oai h2o-3 Rapids setproperty Primitive AstSetProperty.java exec access controlEPSS 0.3%CVE-2025-29036MEDIUMAn issue in hackathon-starter v.8.1.0 allows a remote attacker to escalate privileges via the user.js component.EPSS 0.3%CVE-2026-7644MEDIUMChatGPTNextWeb NextChat actions.ts addMcpServer improper authorizationEPSS 0.3%CVE-2026-6105MEDIUMperfree go-fastdfs-web doInstall InstallController.java improper authorizationEPSS 0.3%CVE-2026-2075MEDIUMyeqifu warehouse Role-Permission Binding RoleController.java saveRolePermission access controlEPSS 0.3%CVE-2026-42758CRITICALWordPress WebinarIgnition plugin < 4.08.253 - Privilege Escalation vulnerabilityEPSS 0.3%CVE-2025-1881MEDIUMi-Drive i11/i12 Video Footage/Live Video Stream access controlEPSS 0.3%CVE-2025-3981MEDIUMwowjoy 浙江湖州华卓信息科技有限公司 Internet Doctor Workstation System details improper authorizationEPSS 0.3%CVE-2025-59134HIGHWordPress Sale! Immigration law, Visa services support, Migration Agent Consulting theme <= 1.5.8 - Privilege Escalation vulnerabilityEPSS 0.3%CVE-2026-2015MEDIUMPortabilis i-Educar Final Status Import FinalStatusImportService.php improper authorizationEPSS 0.3%CVE-2025-3977MEDIUMiteachyou Dreamer CMS Attachment download improper authorizationEPSS 0.3%