CWE-285 vulnerabilities
1,302 results

CVE-2025-14088 | MEDIUM | ketr JEPaaS load improper authorization | EPSS 0.2%
CVE-2026-10211 | MEDIUM | AstrBotDevs AstrBot fs.py _normalize_rw_path authorization | EPSS 0.2%
CVE-2026-30870 | MEDIUM | Some sync filters in PowerSync Service ignored using `config.edition: 3` | EPSS 0.2%
CVE-2026-7092 | MEDIUM | code-projects Invoice System in Laravel Profile profile improper authorization | EPSS 0.2%
CVE-2026-8747 | MEDIUM | Z-BlogPHP Commend Approval c_system_event.php CheckComment improper authorization | EPSS 0.2%
CVE-2026-42202 | MEDIUM | nova-toggle-5: Improper authorization on toggle endpoint allowed non-Nova users to modify boolean fields | EPSS 0.2%
CVE-2026-7093 | MEDIUM | code-projects Invoice System in Laravel Invoice Endpoint invoice improper authorization | EPSS 0.2%
CVE-2025-46732 | MEDIUM | OpenCTI's GraphQL IDOR enables authenticated users to modify or delete notifications of other users | EPSS 0.2%
CVE-2025-14089 | MEDIUM | Himool ERP AdminActionViewSet update_account improper authorization | EPSS 0.2%
CVE-2026-5283 | MEDIUM | Inappropriate implementation in ANGLE in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to leak cross-origin data via a cra | EPSS 0.2%
CVE-2026-13534 | LOW | CherryHQ cherry-studio CherryIN Preload API MemoryService.ts sha256 authorization | EPSS 0.2%
CVE-2026-47673 | MEDIUM | Hono: JWT middleware accepts any Authorization scheme, not only Bearer | EPSS 0.2%
CVE-2026-13591 | LOW | DeepMyst Mysti Contact Tracking ChannelBridge.ts _isTrackedConversation improper authorization | EPSS 0.2%
CVE-2026-9410 | MEDIUM | Sushmi-pal Invoice-System Profile Workflow profile improper authorization | EPSS 0.2%
CVE-2026-54012 | HIGH | Open WebUI: Forged model meta.knowledge allows cross-user file read and deletion | EPSS 0.2%
CVE-2026-9409 | MEDIUM | Sushmi-pal Invoice-System User Management user improper authorization | EPSS 0.2%
CVE-2023-28378 | MEDIUM | Improper authorization in some Intel(R) QAT drivers for Windows - HW Version 2.0 before version 2.0.4 may allow an authenticated user to pot | EPSS 0.2%
CVE-2021-44204 | — | Local privilege escalation via named pipe due to improper access control checks | EPSS 0.2%
CVE-2022-33705 | — | Information exposure in Calendar prior to version 12.3.05.10000 allows attacker to access calendar schedule without READ_CALENDAR permission | EPSS 0.2%
CVE-2025-59686 | MEDIUM | Kazaar 1.25.12 allows /api/v1/org-id/orders/order-id/documents calls with a modified order-id. | EPSS 0.2%