CWE-863 flaws

2,054 results
CVE-2023-22518 (CRITICAL, EPSS 100.0%, KEV): All versions of Confluence Data Center and Server are affected by this unexploited vulnerability. This Improper Authorization vulnerability
CVE-2023-38035 (CRITICAL, EPSS 99.9%, KEV): A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass a
CVE-2024-38856 (HIGH, EPSS 99.4%, KEV): Apache OFBiz: Unauthenticated endpoint could allow execution of screen rendering code
CVE-2020-36289 (MEDIUM, EPSS 99.2%): Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vu
CVE-2024-45216 (CRITICAL, EPSS 90.7%): Apache Solr: Authentication bypass possible using a fake URL Path ending
CVE-2025-54253 (CRITICAL, EPSS 89.8%, KEV): Adobe Experience Manager | Incorrect Authorization (CWE-863)
CVE-2019-7192 (CRITICAL, EPSS 88.2%, KEV): This improper access control vulnerability allows remote attackers to gain unauthorized access to the system. To fix these vulnerabilities,
CVE-2021-40655 (HIGH, EPSS 87.0%, KEV): An information disclosure issue exists in D-LINK-DIR-605 B2 Firmware Version : 2.01MT. An attacker can obtain a user name and password by for
CVE-2024-6782 (CRITICAL, EPSS 83.4%): Calibre Remote Code Execution
CVE-2018-13382 (CRITICAL, EPSS 81.7%, KEV): An Improper Authorization vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.8 and 5.4.1 to 5.4.10 and FortiProxy 2.0.0, 1.2.0 t
CVE-2023-24880 (MEDIUM, EPSS 78.2%, KEV): Windows SmartScreen Security Feature Bypass Vulnerability
CVE-2021-24917 (EPSS 71.5%): WPS Hide Login < 1.9.1 - Protection Bypass with Referer-Header
CVE-2023-35166 (CRITICAL, EPSS 63.1%): Privilege escalation (PR) from account through TipsPanel
CVE-2010-2965 (CRITICAL, EPSS 57.5%): The WDB target agent debug service in Wind River VxWorks 6.x, 5.x, and earlier, as used on the Rockwell Automation 1756-ENBT series A with f
CVE-2021-45466 (CRITICAL, EPSS 55.3%): In CWP (aka Control Web Panel or CentOS Web Panel) before 0.9.8.1107, attackers can make a crafted request to api/?api=add_server&DHCP= to a
CVE-2019-3403 (EPSS 52.6%): The /rest/api/2/user/picker rest resource in Jira before version 7.13.3, from version 8.0.0 before version 8.0.4, and from version 8.1.0 bef
CVE-2023-34051 (CRITICAL, EPSS 44.7%): VMware Aria Operations for Logs contains an authentication bypass vulnerability. An unauthenticated, malicious actor can inject files into t
CVE-2024-24824 (HIGH, EPSS 34.5%): graylog2-server vulnerable to instantiation of arbitrary classes triggered by API request
CVE-2026-35029 (HIGH, EPSS 27.2%): LiteLLM affected by privilege escalation via unrestricted proxy configuration endpoint
CVE-2022-39214 (CRITICAL, EPSS 25.6%): Authenticated users of Combodo iTop can take over any account