CWE-269 vulnerabilities
1,779 results

CVE | Severity | EPSS | Description
CVE-2025-34204 | HIGH | 0.6% | Vasion Print (formerly PrinterLogic) Processes Running as Root Inside Docker Instances
CVE-2023-21848 | HIGH | 0.6% | Vulnerability in the Oracle Communications Convergence product of Oracle Communications Applications (component: Admin Configuration). The
CVE-2024-22752 | HIGH | 0.6% | Insecure permissions issue in EaseUS MobiMover 6.0.5 Build 21620 allows attackers to gain escalated privileges via use of crafted executable
CVE-2023-48171 | HIGH | 0.6% | An issue in OWASP DefectDojo before v.1.5.3.1 allows a remote attacker to escalate privileges via the user permissions component.
CVE-2023-41955 | HIGH | 0.6% | WordPress Essential Addons for Elementor plugin <= 5.8.8 - Contributor+ Privilege Escalation vulnerability
CVE-2023-33966 | HIGH | 0.6% | Deno missing "--allow-net" permission check for built-in Node modules
CVE-2026-38529 | HIGH | 0.6% | A Broken Object-Level Authorization (BOLA) in the /Settings/UserController.php endpoint of Webkul Krayin CRM v2.2.x allows authenticated att
CVE-2023-28261 | MEDIUM | 0.6% | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
CVE-2023-4239 | HIGH | 0.6% | Real Estate Manager <= 7.2 - Arbitrary Usermeta Update to Authenticated (Subscriber+) Privilege Escalation
CVE-2025-2798 | CRITICAL | 0.6% | Woffice <= 5.4.21 - Authentication Bypass via Registration Role
CVE-2022-35243 | HIGH | 0.6% | Authenticated iControl REST in Appliance mode vulnerability CVE-2022-35243
CVE-2023-37917 | CRITICAL | 0.6% | Privilege Escalation in kubepi
CVE-2024-24778 | MEDIUM | 0.6% | Apache StreamPipes: Resources Permission Escalation
CVE-2025-7851 | HIGH | 0.6% | Unauthorized root access via debug functionality
CVE-2023-4140 | MEDIUM | 0.6% | WP Ultimate CSV Importer <= 7.9.8 - Arbitrary Usermeta Update to Authenticated (Author+) Privilege Escalation
CVE-2025-5491 | HIGH | 0.6% | Acer ControlCenter - Remote Code Execution
CVE-2023-37866 | HIGH | 0.6% | WordPress JetFormBuilder plugin <= 3.0.8 - Authenticated Privilege Escalation vulnerability
CVE-2023-28855 | MEDIUM | 0.6% | Fields GLPI plugin vulnerable to unauthorized write access to additional fields
CVE-2024-29667 | CRITICAL | 0.6% | SQL Injection vulnerability in Tongtianxing Technology Co., Ltd CMSV6 v.7.31.0.2 through v.7.31.0.3 allows a remote attacker to escalate pri
CVE-2024-1908 | MEDIUM | 0.6% | Improper Privilege Management vulnerability was identified in GitHub Enterprise Server that allowed Privilege Escalation