CWE-285 vulnerabilities

1,302 results
CVE-2025-12494 [MEDIUM] Image Gallery – Photo Grid & Video Gallery <= 2.12.28 - Improper Authorization to Authenticated (Author+) Arbitrary Image File Move (EPSS 0.2%)
CVE-2026-11476 [MEDIUM] Kushan2k student-management-system Profile Update Endpoint AdminController.php edit-admin improper authorization (EPSS 0.2%)
CVE-2026-11619 [MEDIUM] Dolibarr ERP CRM Legacy Filemanager config.inc.php improper authorization (EPSS 0.2%)
CVE-2021-25499 [HIGH] Intent redirection vulnerability in SamsungAccountSDKSigninActivity of Galaxy Store prior to version 4.5.32.4 allows attacker to access cont (EPSS 0.2%)
CVE-2026-7602 [MEDIUM] JeecgBoot FillRuleUtil edit improper authorization (EPSS 0.2%)
CVE-2026-5999 [MEDIUM] JeecgBoot SysAnnouncementController improper authorization (EPSS 0.2%)
CVE-2025-13118 [MEDIUM] macrozheng mall-swarm paySuccess improper authorization (EPSS 0.2%)
CVE-2025-13085 [MEDIUM] SiteSEO – SEO Simplified <= 1.3.2 - Insecure Direct Object Reference to Sensitive Post Meta Disclosure (EPSS 0.2%)
CVE-2020-36841 [MEDIUM] WooCommerce Smart Coupons <= 4.6.0 - Unauthenticated Coupon Creation (EPSS 0.2%)
CVE-2023-40430 [MEDIUM] A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. An app may be able to access removable volumes wit (EPSS 0.2%)
CVE-2026-45297 [MEDIUM] Cross-tenant IDOR on feature-flag and assist-stats routes via {project_id} case mismatch (EPSS 0.2%)
CVE-2018-9867 In SonicWall SonicOS, administrators without full permissions can download imported certificates. Occurs when administrators who are not in (EPSS 0.2%)
CVE-2026-45371 [HIGH] SiYuan: SiYuan publish-mode Reader can mutate Conf and SQL index via 8 ungated APIs (EPSS 0.2%)
CVE-2026-6609 [MEDIUM] liangliangyy DjangoBlog views.py form_valid improper authorization (EPSS 0.2%)
CVE-2025-61781 [HIGH] GraphQL IDOR allows authenticated user to delete workspace content of other users (EPSS 0.2%)
CVE-2025-62401 [MEDIUM] Moodle: possible to bypass timer in timed assignments (EPSS 0.2%)
CVE-2024-42039 [MEDIUM] Access control vulnerability in the SystemUI module Impact: Successful exploitation of this vulnerability may affect service confidentiality (EPSS 0.2%)
CVE-2026-23623 [MEDIUM] Collabora Online vulnerable to Authorization Bypass (EPSS 0.2%)
CVE-2026-12213 [MEDIUM] hcengineering Huly Platform User Information operations.ts getAccountInfo improper authorization (EPSS 0.2%)
CVE-2026-42202 [MEDIUM] nova-toggle-5: Improper authorization on toggle endpoint allowed non-Nova users to modify boolean fields (EPSS 0.2%)