CWE-863 (Incorrect Authorization) flaws

2,102 results
CVE | Severity | Summary | EPSS
CVE-2026-26265 | HIGH | Discourse has IDOR vulnerability in the directory items endpoint | 0.2%
CVE-2026-42429 | MEDIUM | OpenClaw < 2026.4.8 - Privilege Escalation via Gateway Plugin HTTP Authentication | 0.2%
CVE-2023-35866 | | In KeePassXC through 2.7.5, a local attacker can make changes to the Database security settings, including master password and second-factor | 0.2%
CVE-2026-22892 | MEDIUM | Insufficient Authorization in Mattermost Jira Plugin Allows Unauthorized Access to Post Attachments | 0.2%
CVE-2026-4262 | MEDIUM | Incorrect authorization in HiJiffy Chatbot | 0.2%
CVE-2025-68941 | MEDIUM | Gitea before 1.22.3 mishandles access to a private resource upon receiving an API token with scope limited to public resources. | 0.2%
CVE-2025-68666 | MEDIUM | Discourse users archives leaked to users with moderation privileges | 0.2%
CVE-2026-32027 | HIGH | OpenClaw < 2026.2.26 - Improper Authorization via DM Pairing Store Identity Inheritance in Group Allowlist | 0.2%
CVE-2025-65002 | HIGH | Fujitsu / Fsas Technologies iRMC S6 on M5 before 1.37S mishandles Redfish/WebUI access if the length of a username is exactly 16 characters. | 0.2%
CVE-2024-6150 | MEDIUM | A non-admin user can cause short-term disruption in Target VM availability in Citrix Provisioning | 0.2%
CVE-2026-5149 | MEDIUM | RTMKit <= 2.0.7 - Authenticated (Contributor+) Missing Authorization to Arbitrary Form Submission Access via 'entries_id' Parameter | 0.2%
CVE-2022-4397 | MEDIUM | morontt zend-blog-number-2 Comment Comment.php cross-site request forgery | 0.2%
CVE-2025-43784 | MEDIUM | Improper Access Control vulnerability in Liferay Portal 7.4.0 through 7.4.3.124, and Liferay DXP 2024.Q2.0 through 2024.Q2.8, 2024.Q1.1 thr | 0.2%
CVE-2026-44991 | LOW | OpenClaw < 2026.4.21 - Authorization Bypass in Owner-Enforced Commands via Wildcard Channel Senders | 0.2%
CVE-2026-45831 | HIGH | The SimpleRBACAuthorizationProvider authorization provider in versions 0.5.0 or later of the ChromaDB Python project evaluates whether a use | 0.2%
CVE-2025-64490 | HIGH | SuiteCRM's Inconsistent RBAC Enforcement Enables Access Control Bypass | 0.2%
CVE-2026-31887 | HIGH | Shopware unauthenticated data extraction possible through store-api.order endpoint | 0.2%
CVE-2022-4349 | MEDIUM | CTF-hacker pwn delete.html cross-site request forgery | 0.2%
CVE-2026-41910 | LOW | OpenClaw < 2026.4.8 - Missing Owner-Only Enforcement in /allowlist Cross-Channel Writes | 0.2%
CVE-2025-21553 | MEDIUM | Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.25, 21.3-21.16 and 23.4 | 0.2%