CWE-863 vulnerabilities
2,102 results

CVE-2024-9902 | MEDIUM | Ansible-core: ansible-core user may read/write unauthorized content | EPSS 0.2%
CVE-2025-59714 | MEDIUM | In Internet2 Grouper 5.17.1 before 5.20.5, group admins who are not Grouper sysadmins can configure loader jobs. | EPSS 0.2%
CVE-2026-53902 | HIGH | Privilege Escalation in MCO | EPSS 0.2%
CVE-2025-4101 | MEDIUM | MultiVendorX – WooCommerce Multivendor Marketplace Solutions <= 4.2.22 - Incorrect Authorization to Authenticated (Contributor+) Arbitrary Post Deletion | EPSS 0.2%
CVE-2025-12149 | MEDIUM | Unauthorized access to documents protected by Document-Level Security (DLS), when Signals watches include a search query involving protected documents | EPSS 0.2%
CVE-2024-52584 | MEDIUM | Autolab has vulnerable submission endpoints | EPSS 0.2%
CVE-2026-26067 | MEDIUM | October: Safe Mode Bypass via CSS Preprocessor Compilers | EPSS 0.2%
CVE-2025-3861 | MEDIUM | Prevent Direct Access 2.8.6 - 2.8.8.2 - Incorrect Authorization to Authenticated (Contributor+) Multiple Media Actions | EPSS 0.2%
CVE-2026-45108 | HIGH | Himmelblau: Authentication Bypass via Cross-User Local Session Impersonation in Device Authorization Grant (DAG) Flow | EPSS 0.2%
CVE-2026-42349 | HIGH | Clerk: Authorization bypass when combining organization, billing, or reverification checks | EPSS 0.2%
CVE-2026-57951 | HIGH | Mythic < 3.4.0.60 - Broken Permission Filter in payload_build_step Table | EPSS 0.2%
CVE-2022-4090 | MEDIUM | rickxy Stock Management System cross-site request forgery | EPSS 0.2%
CVE-2026-33469 | MEDIUM | Authenticated Frigate users can read the full unredacted configuration via `/api/config/raw | EPSS 0.2%
CVE-2024-7062 | HIGH | Local Privilege Escalation in Nimble Commander <= v1.6.0, Build 4087 | EPSS 0.2%
CVE-2022-4013 | MEDIUM | Hospital Management Center appointment.php cross-site request forgery | EPSS 0.2%
CVE-2026-53854 | MEDIUM | OpenClaw < 2026.4.25 - Privilege Escalation via ownerAllowFrom Wildcard Inheritance in Internal/Webchat Commands | EPSS 0.2%
CVE-2025-3228 | MEDIUM | Unauthorized Guest user access to Playbook | EPSS 0.2%
CVE-2026-2208 | MEDIUM | WeKan Rules rules.js RulesBleed authorization | EPSS 0.2%
CVE-2026-33726 | MEDIUM | Cilium L7 proxy may bypass Kubernetes NetworkPolicy for same-node traffic | EPSS 0.2%
CVE-2025-59420 | HIGH | Authlib: JWS/JWT accepts unknown crit headers (RFC violation → possible authz bypass) | EPSS 0.2%