Falhas do tipo CWE-285
1.302 resultadosCVE-2023-28378MEDIUMImproper authorization in some Intel(R) QAT drivers for Windows - HW Version 2.0 before version 2.0.4 may allow an authenticated user to potEPSS 0.2%CVE-2025-59686MEDIUMKazaar 1.25.12 allows /api/v1/org-id/orders/order-id/documents calls with a modified order-id.EPSS 0.2%CVE-2020-9081LOWThere is an improper authorization vulnerability in some Huawei smartphones. An attacker could perform a series of operation in specific modEPSS 0.2%CVE-2026-34321MEDIUMVulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (comEPSS 0.2%CVE-2025-12360MEDIUMBetter Find and Replace <= 1.7.7 - Missing AuthorizationEPSS 0.2%CVE-2021-36311MEDIUMDell EMC Networker versions prior to 19.5 contain an Improper Authorization vulnerability. Any local malicious user with networker user privEPSS 0.2%CVE-2026-4548MEDIUMmickasmt next-saas-stripe-starter update-user-role.ts updateUserrole improper authorizationEPSS 0.2%CVE-2026-41572MEDIUMNote Mark: Unauthenticated read of notes and assets in soft-deleted public booksEPSS 0.2%CVE-2022-30717MEDIUMImproper caller check in AR Emoji prior to SMR Jun-2022 Release 1 allows untrusted applications to use some camera functions via deeplink.EPSS 0.2%CVE-2026-45620MEDIUMAVideo CVE-2026-43881 incomplete fix - `objects/mention.json.php:17` is an unauthenticated user enumerationEPSS 0.2%CVE-2026-45365MEDIUMOpen WebUI: Authenticated users can bypass model access control via exposed query parameterEPSS 0.2%CVE-2022-36838MEDIUMImplicit Intent hijacking vulnerability in Galaxy Wearable prior to version 2.2.50 allows attacker to get sensitive information.EPSS 0.2%CVE-2025-9294MEDIUMQuiz And Survey Master <= 10.3.1 - Missing Authorization to Authenticated (Subscriber+) Quiz Results DeletionEPSS 0.2%CVE-2025-46289MEDIUMA logic issue was addressed with improved file handling. This issue is fixed in macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2.EPSS 0.2%CVE-2024-36438HIGHeLinkSmart Hidden Smart Cabinet Lock 2024-05-22 has Incorrect Access Control and fails to perform an authorization check which can lead to cEPSS 0.2%CVE-2026-2294MEDIUMUiPress lite | Effortless custom dashboards, admin themes and pages <= 3.5.09 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings UpdateEPSS 0.2%CVE-2025-12505MEDIUMweDocs <= 2.1.14 - Missing Authorization to Settings UpdateEPSS 0.2%CVE-2022-36837MEDIUMIntent redirection vulnerability using implicit intent in Samsung email prior to version 6.1.70.20 allows attacker to get sensitive informatEPSS 0.2%CVE-2026-4818MEDIUMSome management operations on data streams are not properly restricted when user does not have the necessary privilegesEPSS 0.2%CVE-2025-22172MEDIUMJira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of senEPSS 0.2%