CWE-863 vulnerabilities

2,102 results
CVE-2025-14081 [MEDIUM] Ultimate Member <= 2.11.0 - Authenticated (Subscriber+) Profile Privacy Setting Bypass (EPSS 0.3%)
CVE-2026-25875 [CRITICAL] PlaciPy Admin Privilege Escalation via Trusted JWT Claims (EPSS 0.3%)
CVE-2025-59020 [MEDIUM] TYPO3 CMS Allows Broken Access Control in Edit Document Controller (EPSS 0.3%)
CVE-2026-44330 [CRITICAL] free5GC: NEF nnef-pfdmanagement API is unauthenticated; forged bearer tokens can read PFD data and create/delete PFD subscriptions (EPSS 0.3%)
CVE-2026-27803 [HIGH] Vaultwarden: Collection Management Operations Allowed Without `manage` Verification for Manager Role (EPSS 0.3%)
CVE-2024-5539 [CRITICAL] ALC WebCTRL Carrier i-Vu Access Control Bypass (EPSS 0.3%)
CVE-2023-35990 The issue was addressed with improved checks. This issue is fixed in iOS 17 and iPadOS 17, watchOS 10, iOS 16.7 and iPadOS 16.7, macOS Sonom (EPSS 0.3%)
CVE-2025-47930 [MEDIUM] Zulip Server has access control bypass for restrictions on creation of specific channel types (EPSS 0.3%)
CVE-2026-40304 [MEDIUM] zrok's broken ownership check in DELETE /api/v2/unaccess allows non-admin to delete global frontend records (EPSS 0.3%)
CVE-2025-40670 [HIGH] Incorrect Authorization vulnerability in TCMAN GIM (EPSS 0.3%)
CVE-2026-54573 [MEDIUM] Authorization Bypass in API Key/OAuth Scopes via Path Parsing Discrepancy (EPSS 0.3%)
CVE-2025-59683 [HIGH] Pexip Infinity 15.0 through 38.0 before 38.1 has Improper Access Control in the Secure Scheduler for Exchange service, when used with Office (EPSS 0.3%)
CVE-2026-22230 [HIGH] OPEXUS eCASE Audit incorrect access control (EPSS 0.3%)
CVE-2026-54281 [HIGH] Nest: Middleware Bypass on Fastify via Trailing Slash (EPSS 0.3%)
CVE-2024-43250 [HIGH] WordPress Bit Form Pro plugin <= 2.6.4 - Authenticated Plugin Settings Change vulnerability (EPSS 0.3%)
CVE-2010-2525 A flaw was discovered in gfs2 file system’s handling of acls (access control lists). An unprivileged local attacker could exploit this flaw (EPSS 0.3%)
CVE-2026-47339 [MEDIUM] Apache APISIX: authz-casdoor incorrect session sharing (EPSS 0.3%)
CVE-2024-43954 [MEDIUM] WordPress Droip plugin <= 1.1.1 - Subscriber+ Settings Change/Data Exposure Vulnerability (EPSS 0.3%)
CVE-2026-14340 [MEDIUM] An incorrect authorization vulnerability in GitHub Enterprise Server allows issue creation in unrelated public repositories (EPSS 0.3%)
CVE-2024-34434 [MEDIUM] WordPress MDTF – Meta Data and Taxonomies Filter plugin <= 1.3.3.2 - Arbitrary Shortcode Execution vulnerability (EPSS 0.3%)