Weaknesses of type CWE-863

2,093 results
CVE-2024-48786 | CRITICAL | An issue in SWITCHBOT INC SwitchBot (com.theswitchbot.switchbot) 5.0.4 allows a remote attacker to obtain sensitive information via the firm | EPSS 0.5%
CVE-2024-54488 | MEDIUM | A logic issue was addressed with improved file handling. This issue is fixed in iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sequoia 15.2, | EPSS 0.5%
CVE-2024-48787 | CRITICAL | An issue in Revic Optics Revic Ops (us.revic.revicops) 1.12.5 allows a remote attacker to obtain sensitive information via the firmware upda | EPSS 0.5%
CVE-2024-45043 | MEDIUM | OpenTelemetry Collector AWS Firehose Receiver Authentication Bypass Vulnerability | EPSS 0.5%
CVE-2026-28474 | CRITICAL | OpenClaw Nextcloud Talk < 2026.2.6 - Allowlist Bypass via actor.name Display Name Spoofing | EPSS 0.5%
CVE-2024-42773 | CRITICAL | An Incorrect Access Control vulnerability was found in /admin/edit_room_controller.php in Kashipara Hotel Management System v1.0, which allo | EPSS 0.5%
CVE-2024-10109 | HIGH | Incorrect Authorization in mintplex-labs/anything-llm | EPSS 0.5%
CVE-2023-42860 | HIGH | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventu | EPSS 0.5%
CVE-2023-50732 | HIGH | Velocity execution without script right through tree macro | EPSS 0.5%
CVE-2025-66170 | MEDIUM | Apache CloudStack: Any user can list backups that they should not have access to | EPSS 0.5%
CVE-2026-41470 | HIGH | LIVE555 < 2026.04.22 RTSP Server Authorization Bypass via Session Token | EPSS 0.5%
CVE-2024-48792 | HIGH | An issue in Hideez com.hideez 2.7.8.3 allows a remote attacker to obtain sensitive information via the firmware update process. | EPSS 0.5%
CVE-2024-43131 | HIGH | WordPress Docket (WooCommerce Collections / Wishlist / Watchlist) plugin < 1.7.0 - Unauthenticated Arbitrary Post/Page Deletion vulnerability | EPSS 0.5%
CVE-2024-24751 | MEDIUM | Broken Access Control in Backend Module in sf_event_mgt | EPSS 0.5%
CVE-2024-6202 | CRITICAL | HaloITSM - SAML XML Signature Wrapping (XSW) | EPSS 0.5%
CVE-2025-3260 | HIGH | A security vulnerability in the /apis/dashboard.grafana.app/* endpoints allows authenticated users to bypass dashboard and folder permission | EPSS 0.5%
CVE-2025-31254 | MEDIUM | This issue was addressed with improved URL validation. This issue is fixed in Safari 26, iOS 26 and iPadOS 26. Processing maliciously crafte | EPSS 0.5%
CVE-2024-42452 | HIGH | A vulnerability in Veeam Backup & Replication allows a low-privileged user to start an agent remotely in server mode and obtain credentials, | EPSS 0.5%
CVE-2022-43770 | MEDIUM | Hitachi Vantara Pentaho Business Analytics Server - Incorrect Authorization | EPSS 0.5%
CVE-2024-9693 | HIGH | Incorrect Authorization in GitLab | EPSS 0.5%