CWE-285 vulnerabilities
1,302 results

CVE-2026-49397 | MEDIUM | Nezha Monitoring: Private services (`EnableShowInService: false`) are enumerable via per-server endpoints, leaking name and timing data | EPSS 0.3%
CVE-2023-3899 | HIGH | Subscription-manager: inadequate authorization of com.redhat.rhsm1 d-bus interface allows local users to modify configuration | EPSS 0.3%
CVE-2024-23806 | MEDIUM | HID Global Reader Configuration Cards Improper Authorization | EPSS 0.3%
CVE-2026-2860 | MEDIUM | feng_ha_ha/megagao ssm-erp/production_ssm EmployeeController.java improper authorization | EPSS 0.3%
CVE-2026-6634 | MEDIUM | usememos UpdateInstanceSetting App.tsx memos_access_token improper authorization | EPSS 0.3%
CVE-2026-9376 | MEDIUM | JPress UCenter Article Submission Endpoint doWriteSave improper authorization | EPSS 0.3%
CVE-2025-54130 | HIGH | Cursor Agent is vulnerable prompt injection via Editor Special Files | EPSS 0.3%
CVE-2022-34405 | HIGH | An improper access control vulnerability was identified in the Realtek audio driver. A local authenticated malicious user may potentially ex | EPSS 0.3%
CVE-2025-65030 | HIGH | Rallly Improper Authorization in Comment Deletion Endpoint Allows Unauthorized Comment Removal | EPSS 0.3%
CVE-2025-14016 | MEDIUM | macrozheng mall-swarm delete improper authorization | EPSS 0.2%
CVE-2026-28431 | CRITICAL | Misskey lacks proper authorization checks and input validation | EPSS 0.2%
CVE-2025-13576 | MEDIUM | code-projects Blog Site admin.php improper authorization | EPSS 0.2%
CVE-2023-0837 | MEDIUM | An improper authorization check of local device settings in TeamViewer Remote between version 15.41 and 15.42.7 for Windows and macOS allow | EPSS 0.2%
CVE-2025-58156 | LOW | Centurion ERP users can view hashed authentication tokens that belong to other users | EPSS 0.2%
CVE-2026-43983 | HIGH | Pocket ID: OIDC refresh token flow bypasses authorization revocation, account disabling, and group restrictions | EPSS 0.2%
CVE-2022-34363 | MEDIUM | Dell Unisphere for PowerMax vApp version prior to 10.0.0.2, contains an authorization bypass vulnerability in the Unisphere for VMAX applic | EPSS 0.2%
CVE-2025-9602 | MEDIUM | Xinhu RockOA index.php publicsaveAjax improper authorization | EPSS 0.2%
CVE-2026-41522 | HIGH | Iris has an Improper Authorization issue | EPSS 0.2%
CVE-2026-32704 | MEDIUM | SiYuan renderSprig: missing admin check allows any user to read full workspace DB | EPSS 0.2%
CVE-2022-30730 | MEDIUM | Improper authorization in Samsung Pass prior to 1.0.00.33 allows physical attackers to access account list without authentication. | EPSS 0.2%