Vulnerabilities of type CWE-264

284 results
CVE-2020-3485 [MEDIUM] Cisco Vision Dynamic Signage Director Role-Based Access Control Vulnerability (EPSS 0.7%)
CVE-2022-36246 [CRITICAL] Shop Beat Services Vulnerable To Insecure Permissions (EPSS 0.7%)
CVE-2021-21437 [LOW] Config Items are shown to users without permission (EPSS 0.7%)
CVE-2021-28052 [HIGH] Hitachi Content Platform Information Disclosure Vulnerability (EPSS 0.7%)
CVE-2022-36427 [HIGH] WordPress About Rentals plugin <= 1.5 - Missing Access Control vulnerability (EPSS 0.7%)
CVE-2023-22633 [HIGH] An improper permissions, privileges, and access controls vulnerability [CWE-264] in FortiNAC-F 7.2.0, FortiNAC 9.4.1 and below, 9.2.6 and be (EPSS 0.7%)
CVE-2022-41781 [MEDIUM] WordPress Permalink Manager Lite plugin <= 2.2.20 - Broken Access Control vulnerability (EPSS 0.6%)
CVE-2019-6195 [MEDIUM] An authorization bypass exists in Lenovo XClarity Controller (XCC) versions prior to 3.08 CDI340V, 3.01 TEI392O, 1.71 PSI328N where a valid (EPSS 0.6%)
CVE-2021-21438 [LOW] FAQ articles are shown to users without permission (EPSS 0.6%)
CVE-2022-45066 [MEDIUM] WordPress WooSwipe WooCommerce Gallery plugin <= 2.0.1 - Auth. Broken Access Control vulnerability (EPSS 0.6%)
CVE-2022-42461 [MEDIUM] WordPress miniOrange's Google Authenticator plugin <= 5.6.1 - Broken Access Control vulnerability (EPSS 0.6%)
CVE-2022-23731 V8 javascript engine (heap vulnerability) can cause privilege escalation, which can impact on some webOS TV models. (EPSS 0.6%)
CVE-2023-3599 [MEDIUM] SourceCodester Best Fee Management System Add User admin_class.php save_user access control (EPSS 0.6%)
CVE-2019-1727 [MEDIUM] Cisco NX-OS Software Python Parser Privilege Escalation Vulnerability (EPSS 0.6%)
CVE-2022-1548 [LOW] Playbook members are allowed to escalate their membership privileges and perform actions restricted to playbook admins. (EPSS 0.5%)
CVE-2022-35242 [MEDIUM] WordPress THE Leads Management System: 59sec LITE plugin <= 3.4.1 - Unauthenticated plugin settings change vulnerability (EPSS 0.5%)
CVE-2023-20190 [MEDIUM] A vulnerability in the classic access control list (ACL) compression feature of Cisco IOS XR Software could allow an unauthenticated, remote (EPSS 0.5%)
CVE-2022-29444 [MEDIUM] WordPress Breeze plugin <= 2.0.2 - Plugin Settings Change leading to Cross-Site Scripting (XSS) vulnerability (EPSS 0.5%)
CVE-2022-35238 [MEDIUM] WordPress Awesome Filterable Portfolio plugin <= 1.9.7 - Unauthenticated Plugin Settings Change vulnerability (EPSS 0.5%)
CVE-2022-38067 [MEDIUM] WordPress Event Calendar – Calendar plugin <= 1.4.6 - Unauthenticated Event Deletion vulnerability (EPSS 0.5%)