Vulnerabilities of type CWE-285

1302 results
CVE-2026-4248 | HIGH | Ultimate Member <= 2.11.2 - Authenticated (Contributor+) Sensitive Information Exposure to Account Takeover via Shortcode Template Tag | EPSS 0.2%
CVE-2024-32359 | MEDIUM | An RBAC authorization risk in Carina v0.13.0 and earlier allows local attackers to execute arbitrary code through designed commands to obtai | EPSS 0.2%
CVE-2023-32662 | MEDIUM | Improper authorization in some Intel Battery Life Diagnostic Tool installation software before version 2.2.1 may allow a privileged user to | EPSS 0.2%
CVE-2024-13724 | MEDIUM | Wallet System for WooCommerce – Wallet, Wallet Cashback, Refunds, Partial Payment, Wallet Restriction <= 2.6.2 - Missing Authorization | EPSS 0.2%
CVE-2026-21886 | MEDIUM | OpenCTI's GraphQL Mutations Allow Deletion of Unrelated Entities | EPSS 0.2%
CVE-2026-21641 | HIGH | HackerOne community member Jad Ghamloush (0xjad) has reported an authorization bypass vulnerability in the `tracker-delete.php` script of Re | EPSS 0.2%
CVE-2026-34370 | MEDIUM | Chamilo LMS: IDOR in the Notebook Module allows an attacker to view other users' private notes | EPSS 0.2%
CVE-2026-2694 | MEDIUM | The Events Calendar <= 6.15.16 - Improper Authorization to Authenticated (Contributor+) Event/Organizer/Venue Update/Trash via REST API | EPSS 0.2%
CVE-2025-7221 | MEDIUM | GiveWP – Donation Plugin and Fundraising Platform <= 4.5.0 - Missing Authorization to Donation Update | EPSS 0.2%
CVE-2022-2393 | - | A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication is | EPSS 0.2%
CVE-2026-10282 | MEDIUM | Bottelet DaybydayCRM DocumentsController.php view improper authorization | EPSS 0.2%
CVE-2024-57954 | MEDIUM | Permission verification vulnerability in the media library module Impact: Successful exploitation of this vulnerability may affect service c | EPSS 0.2%
CVE-2025-8147 | MEDIUM | LWSCache <= 2.8.5 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Activation via lwscache_activatePlugin Function | EPSS 0.2%
CVE-2026-34315 | MEDIUM | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that are affe | EPSS 0.2%
CVE-2026-12797 | MEDIUM | BerriAI litellm Completions banned_keywords.py async_pre_call_hook authorization | EPSS 0.2%
CVE-2025-4654 | LOW | Soumettre.fr <= 2.1.5 - Improper Authorization to Unauthenticated Soumettre Posts Creation/Modification/Deletion | EPSS 0.2%
CVE-2026-45345 | MEDIUM | Open WebUI: Missing authorization check at the model update function - models from other users can be updated | EPSS 0.2%
CVE-2025-65782 | MEDIUM | An issue was discovered in Wekan The Open Source kanban board system up to version 18.15, fixed in 18.16. Authorization flaw in card update | EPSS 0.2%
CVE-2026-7631 | MEDIUM | code-projects Online Hospital Management System Registration improper authorization | EPSS 0.2%
CVE-2026-11461 | MEDIUM | NousResearch hermes-agent resume Endpoint hermes_state.py resolve_session_by_title authorization | EPSS 0.2%