Vulnerabilities of type CWE-285

1295 results
CVE-2026-3762 | MEDIUM | SourceCodester Client Database Management System Endpoint superadmin_delete_manager.php improper authorization | EPSS 0.5%
CVE-2026-30956 | CRITICAL | OneUptime has authorization bypass via client‑controlled is-multi-tenant-query header | EPSS 0.5%
CVE-2022-2901 | HIGH | Improper Authorization in chatwoot/chatwoot | EPSS 0.5%
CVE-2023-20183 | MEDIUM | Cisco DNA Center Software API Vulnerabilities | EPSS 0.5%
CVE-2026-40247 | HIGH | free5gc UDR improper path validation allows unauthenticated access to Traffic Influence Subscriptions | EPSS 0.5%
CVE-2022-31666 | HIGH | Harbor fails to validate user permissions while Viewing, updating and deleting Webhook policies | EPSS 0.5%
CVE-2026-22022 | HIGH | Apache Solr: Unauthorized bypass of certain "predefined permission" rules in the RuleBasedAuthorizationPlugin | EPSS 0.5%
CVE-2024-23665 | MEDIUM | Multiple improper authorization vulnerabilities [CWE-285] in FortiWeb version 7.4.2 and below, version 7.2.7 and below, version 7.0.10 and b | EPSS 0.5%
CVE-2025-8755 | MEDIUM | macrozheng mall com.macro.mall.portal.controller UmsMemberController.java detail authorization | EPSS 0.5%
CVE-2024-3139 | MEDIUM | SourceCodester Computer Laboratory Management System save_users improper authorization | EPSS 0.5%
CVE-2024-55954 | HIGH | OpenObserve Improper Authorization Allows Admin User to Remove Root User | EPSS 0.5%
CVE-2023-6878 | HIGH | Slick Social Share Buttons <= 2.4.11 - Authenticated (Subscriber+) Arbitrary Option Update | EPSS 0.5%
CVE-2024-25106 | CRITICAL | OpenObserve Unauthorized Access Vulnerability in Users API | EPSS 0.5%
CVE-2023-20184 | MEDIUM | Cisco DNA Center Software API Vulnerabilities | EPSS 0.5%
CVE-2022-3683 | HIGH | SDM600 API web services authorization validation | EPSS 0.5%
CVE-2024-47084 | MEDIUM | CORS origin validation is not performed when the request has a cookie in Gradio | EPSS 0.5%
CVE-2024-9235 | HIGH | Mapster WP Maps <= 1.5.0 - Incorrect Authorization to Authenticated (Contributor+) Arbitrary Options Update | EPSS 0.5%
CVE-2024-21402 | HIGH | Microsoft Outlook Elevation of Privilege Vulnerability | EPSS 0.5%
CVE-2026-26020 | CRITICAL | AutoGPT Affected by Remote Code Execution via Dynamic Module Import in Block Loading (__import__) | EPSS 0.5%
CVE-2025-4104 | CRITICAL | Frontend Dashboard 1.0 - 2.2.6 - Missing Authorization to Unauthenticated Privilege Escalation via fed_wp_ajax_fed_login_form_post Function | EPSS 0.5%