CWE-863 vulnerabilities
2,080 results

CVE-2022-32532 (—, EPSS 25.4%): Authentication Bypass Vulnerability
CVE-2020-12503 (HIGH, EPSS 23.3%): Pepperl+Fuchs improper authorization affects multiple Comtrol RocketLinx products
CVE-2022-47874 (MEDIUM, EPSS 22.7%): Improper Access Control in /tc/rpc in Jedox GmbH Jedox 2020.2.5 allows remote authenticated users to view details of database connections vi
CVE-2021-3560 (HIGH, EPSS 22.2%, KEV): It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor
CVE-2022-1401 (MEDIUM, EPSS 18.0%): Insufficient validation of provided paths in Exago WrImageResource.axd
CVE-2019-8446 (—, EPSS 17.5%): The /rest/issueNav/1/issueTable resource in Jira before version 8.3.2 allows remote attackers to enumerate usernames via an incorrect author
CVE-2021-30533 (MEDIUM, EPSS 16.6%, KEV): Insufficient policy enforcement in PopupBlocker in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass navigation restri
CVE-2024-41110 (CRITICAL, EPSS 16.5%): Moby authz zero length regression
CVE-2020-14321 (—, EPSS 16.4%): In Moodle before 3.9.1, 3.8.4, 3.7.7 and 3.5.13, teachers of a course were able to assign themselves the manager role within that course.
CVE-2025-24434 (CRITICAL, EPSS 15.9%): Adobe Commerce | Incorrect Authorization (CWE-863)
CVE-2023-2640 (HIGH, EPSS 15.8%): On Ubuntu kernels carrying both c914c0e27eb0 and "UBUNTU: SAUCE: overlayfs: Skip permission checking for trusted.overlayfs.* xattrs", an unp
CVE-2023-29708 (—, EPSS 15.3%): An issue was discovered in /cgi-bin/adm.cgi in WavLink WavRouter version RPT70HA1.x, allows attackers to force a factory reset via crafted p
CVE-2023-32749 (HIGH, EPSS 14.2%): Pydio Cells allows users by default to create so-called external users in order to share files with them. By modifying the HTTP request sent
CVE-2021-21389 (HIGH, EPSS 13.9%): BuddyPress privilege escalation via REST API
CVE-2019-3401 (—, EPSS 12.7%): The ManageFilters.jspa resource in Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 allows remote attackers to enumera
CVE-2025-43561 (CRITICAL, EPSS 12.6%): ColdFusion | Incorrect Authorization (CWE-863)
CVE-2023-21715 (HIGH, EPSS 12.1%, KEV): Microsoft Publisher Security Feature Bypass Vulnerability
CVE-2021-24405 (—, EPSS 11.0%): Easy Cookie Policy <= 1.6.2 - Broken Access Control to Stored Cross-Site Scripting
CVE-2023-24932 (MEDIUM, EPSS 10.6%): Secure Boot Security Feature Bypass Vulnerability
CVE-2018-1057 (—, EPSS 10.3%): On a Samba 4 AD DC the LDAP server in all versions of Samba from 4.0.0 onwards incorrectly validates permissions to modify passwords over LD