CWE-269 vulnerabilities

1,785 results
CVE-2025-56747 | MEDIUM | Creativeitem Academy LMS up to and including 5.13 contains a privilege escalation vulnerability in the Api_instructor controller where regul | EPSS 0.3%
CVE-2025-26707 | MEDIUM | Improper Privilege Management vulnerability in ZTE GoldenDB allows Privilege Escalation. This issue affects GoldenDB: from 6.1.03 through 6.1 | EPSS 0.3%
CVE-2024-38818 | MEDIUM | VMware NSX contains a local privilege escalation vulnerability. An authenticated malicious actor may exploit this vulnerability to obtain | EPSS 0.3%
CVE-2026-42562 | HIGH | Plainpad: Privilege Escalation via Writable Admin Field in Profile Update (Access Control) | EPSS 0.3%
CVE-2026-45716 | HIGH | Budibase: Builder-to-Admin Privilege Escalation via onboardUsers Endpoint Without SMTP Configuration | EPSS 0.3%
CVE-2026-41085 | HIGH | Thermo Fisher Scientific Torrent Suite Dx through 5.14.2 has a privilege escalation vulnerability that may allow an authenticated user with | EPSS 0.3%
CVE-2025-50062 | HIGH | Vulnerability in the PeopleSoft Enterprise HCM Global Payroll Core product of Oracle PeopleSoft (component: Global Payroll for Core). Suppo | EPSS 0.3%
CVE-2024-27826 | HIGH | The issue was addressed with improved memory handling. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.6, macOS Sonoma | EPSS 0.3%
CVE-2024-6908 | MEDIUM | Admin Can Escalate Privileges to SuperAdmin Using Manual PUT Request | EPSS 0.3%
CVE-2025-53027 | HIGH | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7. | EPSS 0.3%
CVE-2025-59697 | HIGH | Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker to escalate privile | EPSS 0.3%
CVE-2024-31320 | HIGH | In setSkipPrompt of AssociationRequest.java, there is a possible way to establish a companion device association without any confirmation d | EPSS 0.3%
CVE-2024-27207 | CRITICAL | Exported broadcast receivers allowing malicious apps to bypass broadcast protection. | EPSS 0.3%
CVE-2024-3507 | HIGH | Privilege escalation vulnerability in Lunar | EPSS 0.3%
CVE-2023-41743 | HIGH | Local privilege escalation due to insecure driver communication port permissions. The following products are affected: Acronis Cyber Protect | EPSS 0.3%
CVE-2024-21141 | HIGH | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prio | EPSS 0.3%
CVE-2026-6419 | HIGH | Wishlist Member <= 3.30.1 - Missing Authorization to Authenticated (Subscriber+) API Secret Key Disclosure and Privilege Escalation via 'wlm3_get_screen' AJAX action | EPSS 0.3%
CVE-2026-31834 | HIGH | Umbraco Affected by Vertical Privilege Escalation via Missing Authorization Checks | EPSS 0.3%
CVE-2025-50066 | LOW | Vulnerability in the Oracle Database Materialized View component of Oracle Database Server. Supported versions that are affected are 19.3-1 | EPSS 0.3%
CVE-2026-45632 | CRITICAL | Dokploy: Schedule Authorization Bypass Enables Host/Server Command Execution | EPSS 0.3%