CWE-863 vulnerabilities
2,111 results

CVE-2025-27933 | MEDIUM | Unauthorized Private-to-Public Channel Conversion | EPSS 0.2%
CVE-2025-52890 | HIGH | Incus vulnerable to antispoofing nftables firewall rule bypass on bridge networks with ACLs | EPSS 0.2%
CVE-2025-10016 | HIGH | Local Privilege Escalation in Sparkle Autoupdate Daemon | EPSS 0.2%
CVE-2026-53808 | MEDIUM | OpenClaw < 2026.5.6 - Approval Policy Bypass in Skill Workshop Apply Flow | EPSS 0.2%
CVE-2026-48507 | HIGH | Snipe-IT: Bulk editing users allowed `ldap_import` and `activated_in` bulk editing users | EPSS 0.2%
CVE-2026-2726 | MEDIUM | Incorrect Authorization in GitLab | EPSS 0.2%
CVE-2025-11239 | LOW | Job details are visible to all team members on KNIME Business Hub | EPSS 0.2%
CVE-2026-12446 | MEDIUM | Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to leak cross-origin data via a | EPSS 0.2%
CVE-2021-3456 | — | An improper authorization handling flaw was found in Foreman. The Salt plugin for the smart-proxy allows foreman clients to execute actions | EPSS 0.2%
CVE-2026-48860 | HIGH | Distribution-over-TLS LAN allowlist silently bypassed due to sockname/peername confusion in inet_tls_dist | EPSS 0.2%
CVE-2025-14943 | MEDIUM | Blog2Social: Social Media Auto Post & Scheduler <= 8.7.2 - Incorrect Authorization to Authenticated (Subscriber+) Sensitive Information Exposure | EPSS 0.2%
CVE-2026-39381 | MEDIUM | Parse Server's Endpoint `/sessions/me` bypasses `_Session` `protectedFields` | EPSS 0.2%
CVE-2026-5796 | MEDIUM | Incorrect Authorization in GitLab | EPSS 0.2%
CVE-2025-20381 | MEDIUM | SPL commands allowlist controls bypass in Splunk MCP Server app through "run_splunk_query" MCP tool | EPSS 0.2%
CVE-2026-9807 | MEDIUM | Incorrect Authorization in GitLab | EPSS 0.2%
CVE-2024-48548 | CRITICAL | The APK file in Cloud Smart Lock v2.0.1 has a leaked a URL that can call an API for binding physical devices. This vulnerability allows atta | EPSS 0.2%
CVE-2024-48542 | HIGH | Incorrect access control in the firmware update and download processes of Yamaha Headphones Controller v1.6.7 allows attackers to access sen | EPSS 0.2%
CVE-2025-1501 | MEDIUM | Incorrect authorization for traces request/download in CMC before 25.1.0 | EPSS 0.2%
CVE-2026-8074 | LOW | Improper Permission Check Allows User Manager to Deactivate Bot Accounts | EPSS 0.2%
CVE-2026-53834 | HIGH | OpenClaw < 2026.4.27 - Authorization Bypass in QQBot Pre-dispatch Slash Commands | EPSS 0.2%