CWE-863 vulnerabilities

2,111 results
CVE-2023-29819 | MEDIUM | An issue found in Webroot SecureAnywhere Endpoint Protection CE 23.1 v.9.0.33.39 and before allows a local attacker to bypass protections vi | EPSS 0.2%
CVE-2025-43789 | LOW | JSON Web Services in Liferay Portal 7.4.0 through 7.4.3.119, and Liferay DXP 2024.Q1.1 through 2024.Q1.9, 7.4 GA through update 92 published | EPSS 0.2%
CVE-2023-3379 | MEDIUM | WAGO: Improper Privilege Management in web-based management | EPSS 0.2%
CVE-2024-48547 | HIGH | Incorrect access control in the firmware update and download processes of DreamCatcher Life v1.8.7 allows attackers to access sensitive info | EPSS 0.2%
CVE-2026-10860 | HIGH | MISP CRUDComponent delete validation bypass via operator precedence error | EPSS 0.2%
CVE-2025-55077 | MEDIUM | Tyler Technologies ERP Pro 9 SaaS application escape | EPSS 0.2%
CVE-2025-30163 | LOW | Node based network policies may incorrectly allow workload traffic | EPSS 0.2%
CVE-2022-27609 | MEDIUM | Forcepoint One Endpoint prior to version 22.01 installed on Microsoft Windows does not provide sufficient anti-tampering protection of servi | EPSS 0.2%
CVE-2026-49369 | MEDIUM | In JetBrains YouTrack before 2026.1.13162 information disclosure was possible on Users and Groups pages | EPSS 0.2%
CVE-2025-68422 | MEDIUM | Kibana Improper Authorization | EPSS 0.2%
CVE-2025-66423 | HIGH | Tryton trytond 6.0 before 7.6.11 does not enforce access rights for the route of the HTML editor. This is fixed in 7.6.11, 7.4.21, 7.0.40, a | EPSS 0.2%
CVE-2024-48545 | HIGH | Incorrect access control in the firmware update and download processes of IVY Smart v4.5.0 allows attackers to access sensitive information | EPSS 0.2%
CVE-2026-5380 | MEDIUM | runZero Platform cleartext secret exposure | EPSS 0.2%
CVE-2026-33291 | MEDIUM | Discourse user can create Zendesk tickets even when it does not have access to topic | EPSS 0.2%
CVE-2025-65073 | HIGH | OpenStack Keystone before 26.0.1, 27.0.0, and 28.0.0 allows a /v3/ec2tokens or /v3/s3tokens request with a valid AWS Signature to provide Ke | EPSS 0.2%
CVE-2026-45550 | CRITICAL | Roxy-WI: IDOR on PUT /smon/check — any user can rewrite any tenant's monitoring URL/IP/body | EPSS 0.2%
CVE-2025-62487 | LOW | Under certain configurations, file artifacts uploaded to the Dossier and Slides apps did not inherit security markings of their parent artifact. This lack of security markings could lead to unintended access to the uploaded files. | EPSS 0.2%
CVE-2026-5952 | MEDIUM | Incorrect Authorization in GitLab | EPSS 0.2%
CVE-2026-23964 | MEDIUM | Mastodon has insufficient access control to push notification settings | EPSS 0.2%
CVE-2025-27933 | MEDIUM | Unauthorized Private-to-Public Channel Conversion | EPSS 0.2%