Falhas do tipo CWE-276

905 resultados
CVE-2026-49157HIGHApache ActiveMQ: Authenticated low-privilege Web users retain Jolokia broker-management capability by defaultEPSS 0.4%CVE-2026-32983MEDIUMSSL/TLS Renegotiation DoS in Wazuh Manager authd serviceEPSS 0.4%CVE-2022-37003MEDIUMThe AOD module has a vulnerability in permission assignment. Successful exploitation of this vulnerability may cause permission escalation aEPSS 0.4%CVE-2019-20458HIGHAn issue was discovered on Epson Expression Home XP255 20.08.FM10I8 devices. By default, the device comes (and functions) without a passwordEPSS 0.4%CVE-2025-49144HIGHNotepad++ Privilege Escalation in Installer via Uncontrolled Executable Search PathEPSS 0.4%CVE-2023-6273MEDIUMPermission management vulnerability in the module for disabling Sound Booster. Successful exploitation of this vulnerability may cause featuEPSS 0.4%CVE-2020-13533CRITICALA privilege escalation vulnerability exists in Dream Report 5 R20-2. IIn the default configuration, the following registry keys, which referEPSS 0.4%CVE-2024-46624HIGHAn issue in InfoDom Performa 365 v4.0.1 allows authenticated attackers to elevate their privileges to Administrator via a crafted payload seEPSS 0.4%CVE-2024-27155HIGHLocal Privilege Escalation and Remote Code Execution using insecure permissionsEPSS 0.4%CVE-2024-44228HIGHThis issue was addressed with improved permissions checking. This issue is fixed in Xcode 16. An app may be able to inherit Xcode permissionEPSS 0.4%CVE-2024-36541HIGHInsecure permissions in logging-operator v4.6.0 allows attackers to access sensitive data and escalate privileges by obtaining the service aEPSS 0.4%CVE-2024-54751CRITICALCOMFAST CF-WR630AX v2.7.0.2 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in asEPSS 0.4%CVE-2020-15145MEDIUMLocal privilege elevation in Composer-Setup for WindowsEPSS 0.4%CVE-2023-21216CRITICALIn PMRChangeSparseMemOSMem of physmem_osmem_linux.c, there is a possible arbitrary code execution due to a use after free. This could lead tEPSS 0.4%CVE-2021-20037SonicWall Global VPN Client 4.10.5 installer (32-bit and 64-bit) incorrect default file permission vulnerability leads to privilege escalatiEPSS 0.4%CVE-2020-13532CRITICALA privilege escalation vulnerability exists in Dream Report 5 R20-2. In the default configuration, the Syncfusion Dashboard Service service EPSS 0.4%CVE-2024-6148MEDIUMBypass of GACS Policy Configuration settings in Citrix Workspace app for HTML5EPSS 0.4%CVE-2025-30701HIGHVulnerability in the RAS Security component of Oracle Database Server. Supported versions that are affected are 19.3-19.26, 21.3-21.17 and EPSS 0.4%CVE-2024-27151HIGHLocal Privilege Escalation and Remote Code Execution using insecure permissionsEPSS 0.4%CVE-2024-21116HIGHVulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are PrioEPSS 0.4%