Flaws of type CWE-266

963 results
CVE-2025-3517 | MEDIUM | Incorrect privilege assignment in PAM JIT elevation feature in Devolutions Server 2025.1.5.0 and earlier allows a PAM user to elevate a prev | EPSS 0.3%
CVE-2025-14086 | MEDIUM | youlaitech youlai-mall openid access control | EPSS 0.3%
CVE-2023-38296 | HIGH | Various software builds for the following TCL 30Z and TCL A3X devices leak the ICCID to a system property that can be accessed by any local | EPSS 0.3%
CVE-2026-1898 | MEDIUM | WeKan LDAP User Sync syncUser.js SyncLDAPBleed access control | EPSS 0.3%
CVE-2025-13117 | MEDIUM | macrozheng mall-swarm/mall cancelOrder improper authorization | EPSS 0.3%
CVE-2025-13116 | MEDIUM | macrozheng mall-swarm/mall cancelUserOrder improper authorization | EPSS 0.3%
CVE-2026-13524 | MEDIUM | CherryHQ cherry-studio MCP OAuth Local Callback Server callback.ts improper authorization | EPSS 0.3%
CVE-2026-25334 | HIGH | WordPress Salon Booking System Pro plugin < 10.30.12 - Account Takeover vulnerability | EPSS 0.3%
CVE-2025-10084 | MEDIUM | elunez eladmin SysLogController 1 queryErrorLogDetail improper authorization | EPSS 0.3%
CVE-2026-2078 | MEDIUM | yeqifu warehouse Permission Management PermissionController.java deletePermission improper authorization | EPSS 0.3%
CVE-2025-10209 | MEDIUM | Papermerge DMS Authorization Token improper authorization | EPSS 0.3%
CVE-2026-2079 | MEDIUM | yeqifu warehouse Menu Management MenuController.java deleteMenu improper authorization | EPSS 0.3%
CVE-2025-11272 | MEDIUM | SeriaWei ZKEACMS POST Request UrlRedirectionController.cs Delete improper authorization | EPSS 0.3%
CVE-2026-2077 | MEDIUM | yeqifu warehouse Role Management RoleController.java deleteRole improper authorization | EPSS 0.3%
CVE-2026-2076 | MEDIUM | yeqifu warehouse User Management Endpoint UserController.java deleteUser improper authorization | EPSS 0.3%
CVE-2021-20264 | An insecure modification flaw in the /etc/passwd file was found in the openjdk-1.8 and openjdk-11 containers. This flaw allows an attacker w | EPSS 0.3%
CVE-2026-9483 | MEDIUM | SourceCodester Student Grades Management System grades.php improper authorization | EPSS 0.3%
CVE-2026-11519 | MEDIUM | SourceCodester Inventory System Account Creation users_handler.php improper authorization | EPSS 0.3%
CVE-2025-9151 | MEDIUM | LiuYuYang01 ThriveX-Blog web updateJsonValueByName improper authorization | EPSS 0.3%
CVE-2020-1705 | HIGH | A vulnerability was found in openshift/template-service-broker-operator in all 4.x.x versions prior to 4.3.0, where an insecure modification | EPSS 0.3%