CWE-863 vulnerabilities

2,097 results
CVE-2023-29240 | MEDIUM | BIG-IQ iControl REST Vulnerability | EPSS 0.4%
CVE-2024-54512 | CRITICAL | The issue was addressed by removing the relevant flags. This issue is fixed in iOS 18.2 and iPadOS 18.2, watchOS 11.2. A system binary could | EPSS 0.4%
CVE-2024-2743 | MEDIUM | Incorrect Authorization in GitLab | EPSS 0.4%
CVE-2024-38392 | CRITICAL | Pexip Infinity Connect before 1.13.0 lacks sufficient authenticity checks during the loading of resources, and thus remote attackers can cau | EPSS 0.4%
CVE-2024-47077 | MEDIUM | authentik cross-provider token validation problems | EPSS 0.4%
CVE-2024-54916 | MEDIUM | An issue in the SharedConfig class of Telegram Android APK v.11.7.0 allows a physically proximate attacker to bypass authentication and esca | EPSS 0.4%
CVE-2026-44380 | HIGH | MISP: Improper access control in auth key reset allows privilege escalation to site administrator | EPSS 0.4%
CVE-2023-29927 | MEDIUM | Versions of Sage 300 through 2022 implement role-based access controls that are only enforced client-side. Low-privileged Sage users, partic | EPSS 0.4%
CVE-2026-23961 | MEDIUM | Mastodon may allow a remote suspension bypass | EPSS 0.4%
CVE-2022-31155 | MEDIUM | Unauthorized overwriting of saved searches in Sourcegraph | EPSS 0.4%
CVE-2023-28635 | MEDIUM | Defining resource name as integer in vantage6 may give unintended access | EPSS 0.4%
CVE-2022-31154 | MEDIUM | Indirect Object Access in Sourcegraph Code Monitoring | EPSS 0.4%
CVE-2022-3248 | MEDIUM | Openshift api admission checks does not enforce "custom-host" permissions | EPSS 0.4%
CVE-2023-47716 | MEDIUM | IBM FileNet Content Manager privilege escalation | EPSS 0.4%
CVE-2024-5071 | MEDIUM | Bookster <= 1.1.0 - Unauthenticated Appointment Status Update | EPSS 0.4%
CVE-2024-32983 | HIGH | Misskey allows the impersonation and takeover of remote accounts with unnormalized signed activities | EPSS 0.4%
CVE-2024-40530 | HIGH | A vulnerability in Pantera CRM versions 401.152 and 402.072 allows unauthorized attackers to bypass IP-based access controls by manipulating | EPSS 0.4%
CVE-2023-41882 | MEDIUM | vantage6 Improper Access Control vulnerability | EPSS 0.4%
CVE-2026-42604 | MEDIUM | Actual has an OpenID `client_secret` Disclosure via Broken Authorization Guard in `/openid/config` | EPSS 0.4%
CVE-2023-37492 | MEDIUM | Missing Authorization check in SAP NetWeaver AS ABAP and ABAP Platform | EPSS 0.4%