Flaws of type CWE-863

2093 results
CVE-2023-51380 | LOW | Incorrect Authorization allows Read Access to Issue Comments in GitHub Enterprise Server | EPSS 0.5%
CVE-2023-0091 | LOW | A flaw was found in Keycloak, where it did not properly check client tokens for possible revocation in its client credential flow. This flaw | EPSS 0.5%
CVE-2021-44465 | MEDIUM | Improper access control in Odoo Community 13.0 and earlier and Odoo Enterprise 13.0 and earlier allows authenticated attackers to subscribe | EPSS 0.5%
CVE-2023-23604 | MEDIUM | Creation of duplicate SystemPrincipal from less secure contexts | EPSS 0.5%
CVE-2026-25890 | HIGH | File Browser has a Path-Based Access Control Bypass via Multiple Leading Slashes in URL | EPSS 0.5%
CVE-2023-6837 | HIGH | Incorrect Authorization in Multiple WSO2 Products via Federated Authentication with JIT Provisioning Leading to User Impersonation | EPSS 0.5%
CVE-2023-31141 | MEDIUM | OpenSearch issue with fine-grained access control during extremely rare race conditions | EPSS 0.5%
CVE-2023-32219 | MEDIUM | Mazda cars unlocking | EPSS 0.5%
CVE-2023-2759 | HIGH | TAPHOME Improper Authentication in Core Platform | EPSS 0.5%
CVE-2024-8606 | CRITICAL | Fix 2FA bypass via RestAPI | EPSS 0.5%
CVE-2023-25594 | MEDIUM | Authorization Bypass Leading to Privilege Escalation in ClearPass Policy Manager Web-Based Management Interface | EPSS 0.5%
CVE-2024-36037 | MEDIUM | Insufficient Access Control Vulnerability | EPSS 0.5%
CVE-2018-10910 | MEDIUM | A bug in Bluez may allow for the Bluetooth Discoverable state being set to on when no Bluetooth agent is registered with the system. This si | EPSS 0.5%
CVE-2025-40568 | MEDIUM | A vulnerability has been identified in RUGGEDCOM RST2428P (6GK6242-6PA00) (All versions < V3.2), SCALANCE XCH328 (6GK5328-4TS01-2EC2) (All v | EPSS 0.5%
CVE-2026-44573 | HIGH | Next.js: Middleware / Proxy bypass in Pages Router applications using i18n | EPSS 0.5%
CVE-2025-30703 | LOW | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0 | EPSS 0.5%
CVE-2023-37881 | MEDIUM | Weak Access Control between Domains in Wing FTP Server <= 7.2.0 | EPSS 0.5%
CVE-2024-10975 | HIGH | Nomad Vulnerable To Cross-Namespace Volume Creation Abusing CSI Write Permission | EPSS 0.5%
CVE-2020-36610 | MEDIUM | annyshow DuxCMS cross-site request forgery | EPSS 0.5%
CVE-2024-24774 | LOW | Missing authorization allows users to access arbitrary security levels on Jira through webhooks (Jira Plugin) | EPSS 0.5%