CWE-863 vulnerabilities
2,080 results

CVE-2023-33779 | HIGH | A lateral privilege escalation vulnerability in XXL-Job v2.4.1 allows users to execute arbitrary commands on another user's account via a cr | EPSS 1.1%
CVE-2021-34647 | MEDIUM | Ninja Forms <= 3.5.7 Sensitive Information Disclosure | EPSS 1.1%
CVE-2024-27309 | HIGH | Apache Kafka: Potential incorrect access control during migration from ZK mode to KRaft mode | EPSS 1.1%
CVE-2022-46076 | HIGH | D-Link DIR-869 DIR869Ax_FW102B15 is vulnerable to Authentication Bypass via phpcgi. | EPSS 1.1%
CVE-2022-23009 | — | On BIG-IQ Centralized Management 8.x before 8.1.0, an authenticated administrative role user on a BIG-IQ managed BIG-IP device can access ot | EPSS 1.1%
CVE-2020-26223 | HIGH | Authorization bypass in Spree | EPSS 1.1%
CVE-2022-39337 | HIGH | Permission bypass due to incorrect configuration in github.com/dromara/hertzbeat | EPSS 1.1%
CVE-2020-26250 | MEDIUM | Base class whitelist configuration ignored in OAuthenticator | EPSS 1.1%
CVE-2010-1435 | — | Joomla! Core is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions | EPSS 1.1%
CVE-2019-13417 | — | Search Guard versions before 24.0 had an issue that field caps and mapping API leak field names (but not values) for fields which are not al | EPSS 1.1%
CVE-2023-36092 | HIGH | Authentication Bypass vulnerability in D-Link DIR-859 FW105b03 allows remote attackers to gain escalated privileges via phpcgi_main. NOT | EPSS 1.1%
CVE-2022-24721 | HIGH | Incorrect Authorization in org.cometd.oort | EPSS 1.1%
CVE-2024-41617 | CRITICAL | Money Manager EX WebApp (web-money-manager-ex) 1.2.2 is vulnerable to Incorrect Access Control. The `redirect_if_not_loggedin` function in ` | EPSS 1.1%
CVE-2021-39156 | HIGH | Fragments in Path May Lead to Authorization Policy Bypass | EPSS 1.1%
CVE-2022-23741 | HIGH | Incorrect authorization in GitHub Enterprise Server token generation leading to full admin access | EPSS 1.1%
CVE-2021-1539 | HIGH | Cisco ASR 5000 Series Software Authorization Bypass Vulnerabilities | EPSS 1.1%
CVE-2022-42344 | HIGH | [CVE-2021-36032] Magento IDOR Leads to Account Takeover | EPSS 1.1%
CVE-2017-0910 | — | In Zulip Server before 1.7.1, on a server with multiple realms, a vulnerability in the invitation system lets an authorized user of one real | EPSS 1.1%
CVE-2022-39955 | HIGH | Partial rule set bypass in OWASP ModSecurity Core Rule Set by submitting a specially crafted HTTP Content-Type header | EPSS 1.1%
CVE-2017-18095 | — | The SnippetRPCServiceImpl class in Atlassian Crucible before version 4.5.1 (the fixed version 4.5.x) and before 4.6.0 allows remote attacker | EPSS 1.1%