CWE-863 flaws
2,080 results

CVE-2023-33651 | HIGH | An issue in the MVC Device Simulator of Sitecore Experience Platform (XP), Experience Manager (XM), and Experience Commerce (XC) v9.0 Initia | EPSS 1.4%
CVE-2021-39206 | HIGH | Incorrect Authorization with specially crafted requests | EPSS 1.4%
CVE-2021-1144 | HIGH | Cisco Connected Mobile Experiences Privilege Escalation Vulnerability | EPSS 1.4%
CVE-2022-0920 | — | Salon booking system < 7.6.3 - Customer+ Bookings/Customers Data Disclosure | EPSS 1.4%
CVE-2023-6152 | MEDIUM | A user changing their email after signing up and verifying it can change it without verification in profile settings. The configuration opt | EPSS 1.4%
CVE-2022-21706 | HIGH | Multi-use invitations can grant access to other organizations in Zulip | EPSS 1.4%
CVE-2024-29834 | MEDIUM | Apache Pulsar: Improper Authorization For Namespace and Topic Management Endpoints | EPSS 1.4%
CVE-2021-4133 | — | A flaw was found in Keycloak in versions from 12.0.0 and before 15.1.1 which allows an attacker with any existing user account to create new | EPSS 1.3%
CVE-2021-38312 | HIGH | Gutenberg Template Library & Redux Framework <= 4.2.11 Incorrect Authorization check to Arbitrary plugin installation and post deletion | EPSS 1.3%
CVE-2019-6836 | — | A CWE-863: Incorrect Authorization vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX | EPSS 1.3%
CVE-2023-40610 | MEDIUM | Apache Superset: Privilege escalation with default examples database | EPSS 1.3%
CVE-2024-27139 | HIGH | Apache Archiva: incorrect authentication potentially leading to account takeover | EPSS 1.3%
CVE-2022-45544 | HIGH | Insecure Permission vulnerability in Schlix Web Inc SCHLIX CMS 2.2.7-2 allows attacker to upload arbitrary files and execute arbitrary code | EPSS 1.3%
CVE-2021-3563 | — | A flaw was found in openstack-keystone. Only the first 72 characters of an application secret are verified allowing attackers bypass some pa | EPSS 1.3%
CVE-2023-40611 | MEDIUM | Apache Airflow Dag Runs Broken Access Control Vulnerability | EPSS 1.3%
CVE-2021-32701 | HIGH | Possible bypass of token claim validation when OAuth2 Introspection caching is enabled | EPSS 1.3%
CVE-2021-24717 | — | AutomatorWP < 1.7.6 - Missing Authorization and Privilege Escalation | EPSS 1.3%
CVE-2021-20282 | — | When creating a user account, it was possible to verify the account without having access to the verification email link/secret in moodle be | EPSS 1.3%
CVE-2017-15091 | — | An issue has been found in the API component of PowerDNS Authoritative 4.x up to and including 4.0.4 and 3.x up to and including 3.4.11, whe | EPSS 1.3%
CVE-2007-3968 | MEDIUM | index.php in dirLIST before 0.1.1 allows remote attackers to list the contents of an excluded folder via a modified URL containing the folde | EPSS 1.3%