CWE-285 type flaws

1,302 results
CVE-2026-30847 | CRITICAL | Wekan Credential Leak via notificationUsers Publication Exposes Password Hashes and Session Tokens | EPSS 0.2%
CVE-2025-12720 | MEDIUM | g-FFL Cockpit <= 1.7.1 - Improper Authorization to Unauthenticated Product Deletion | EPSS 0.2%
CVE-2026-7145 | MEDIUM | mettle sendportal Invitation WorkspaceInvitationsController.php destroy authorization | EPSS 0.2%
CVE-2025-67715 | MEDIUM | Weblate has Systematic User and Project Enumeration via Broken Authorization in REST API (IDOR) | EPSS 0.2%
CVE-2026-48089 | HIGH | DevGuard has improper authorization on public assets | EPSS 0.2%
CVE-2025-2397 | MEDIUM | China Mobile P22g-CIac Telnet Service improper authorization | EPSS 0.2%
CVE-2025-11510 | MEDIUM | FileBird <= 6.4.9 - Improper Authorization to Authenticated (Author+) Settings Reset | EPSS 0.2%
CVE-2024-50617 | HIGH | Vulnerabilities in the File Download and Get File handler components in CIPPlanner CIPAce before 9.17 allow attackers to download unauthoriz | EPSS 0.2%
CVE-2022-39873 | MEDIUM | Improper authorization vulnerability in Samsung Internet prior to version 18.0.4.14 allows physical attackers to add bookmarks in secret mod | EPSS 0.2%
CVE-2026-5781 | HIGH | Multiple vulnerabilities in MphRx's Minerva | EPSS 0.2%
CVE-2023-21454 | LOW | Improper authorization in Samsung Keyboard prior to SMR Mar-2023 Release 1 allows physical attacker to access users text history on the lock | EPSS 0.2%
CVE-2025-15087 | MEDIUM | youlaitech youlai-mall OrderController.java submitOrderPayment improper authorization | EPSS 0.2%
CVE-2026-50201 | MEDIUM | Steeltoe's sensitive actuators (heapdump/env) only require Restricted permission | EPSS 0.2%
CVE-2023-28317 | MEDIUM | A vulnerability has been discovered in Rocket.Chat, where editing messages can change the original timestamp, causing the UI to display mess | EPSS 0.2%
CVE-2026-11533 | MEDIUM | imvks786 student_management_system Student Deletion Endpoint see.php improper authorization | EPSS 0.2%
CVE-2026-10285 | MEDIUM | DevaslanPHP project-management Ticket KanbanScrumHelper.php recordUpdated improper authorization | EPSS 0.2%
CVE-2026-10284 | MEDIUM | DevaslanPHP project-management Livewire ViewTicket.php doDeleteComment improper authorization | EPSS 0.2%
CVE-2024-40807 | MEDIUM | A logic issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8. A s | EPSS 0.2%
CVE-2026-10218 | MEDIUM | nextlevelbuilder GoClaw evolution_handlers.go auth improper authorization | EPSS 0.2%
CVE-2025-12814 | MEDIUM | SiteSEO – SEO Simplified <= 1.3.2 - Improper Authorization to Authenticated Settings Reset | EPSS 0.2%