Flaws of type CWE-863

2,102 results
CVE-2025-3647 | MEDIUM | Moodle: idor when accessing the cohorts report | EPSS 0.3%
CVE-2023-52538 | CRITICAL | Vulnerability of package name verification being bypassed in the HwIms module. Impact: Successful exploitation of this vulnerability will af | EPSS 0.3%
CVE-2026-32001 | MEDIUM | OpenClaw < 2026.2.22 - Node Role Device-Identity Bypass via WebSocket Authentication | EPSS 0.3%
CVE-2026-54022 | MEDIUM | Open WebUI: Any authenticated user can read other users' private notes via Socket.IO | EPSS 0.3%
CVE-2024-9825 | MEDIUM | The Chef Habitat builder is impacted by Indirect Object reference(IDOR) by deletion of personal access token | EPSS 0.3%
CVE-2026-53828 | HIGH | OpenClaw < 2026.5.6 - Native Command Authorization Bypass via Owner-Command Enforcement | EPSS 0.3%
CVE-2025-62275 | MEDIUM | Blogs in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 thr | EPSS 0.3%
CVE-2026-34600 | MEDIUM | Joplin Server delta API returns note content after share access is revoked | EPSS 0.3%
CVE-2026-43913 | HIGH | Vaultwarden: Unconfirmed Owner Can Purge Entire Organization Vault | EPSS 0.3%
CVE-2026-34506 | LOW | OpenClaw < 2026.3.8 - Sender Allowlist Bypass in Microsoft Teams Plugin via Route Allowlist Configuration | EPSS 0.3%
CVE-2024-21259 | HIGH | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prio | EPSS 0.3%
CVE-2026-45552 | CRITICAL | Roxy-WI: Cross-tenant authorization bypass on /install/* — guest can run Ansible / SSH on every registered server | EPSS 0.3%
CVE-2024-6358 | MEDIUM | Incorrect Authorization vulnerability | EPSS 0.3%
CVE-2026-56232 | HIGH | Capgo - Subkey Scope Bypass in middlewareKey via x-limited-key-id Header | EPSS 0.3%
CVE-2026-41068 | HIGH | Kyverno: Cross-Namespace Read Bypasses RBAC Isolation (CVE-2026-22039 Incomplete Fix) | EPSS 0.3%
CVE-2025-41246 | HIGH | Improper authorisation vulnerability | EPSS 0.3%
CVE-2026-24487 | MEDIUM | OpenEMR has FHIR Patient Compartment Bypass in CareTeam Resource | EPSS 0.3%
CVE-2026-27607 | HIGH | RustFS's Missing Post Policy Validation leads to Arbitrary Object Write | EPSS 0.3%
CVE-2025-13829 | HIGH | Incorrect Authorization vulnerability in Data Illusion Zumbrunn NGSurvey allows any logged-in user to obtain the private information of any | EPSS 0.3%
CVE-2025-71278 | HIGH | XenForo OAuth2 Unauthorized Scope Request | EPSS 0.3%