CWE-863 flaws

2102 results
CVE-2025-49550 [MEDIUM] Adobe Commerce | Incorrect Authorization (CWE-863) [EPSS 0.3%]
CVE-2024-22938 [HIGH] Insecure Permissions vulnerability in BossCMS v.1.3.0 allows a local attacker to execute arbitrary code and escalate privileges via the init [EPSS 0.3%]
CVE-2026-33132 [MEDIUM] ZITADEL is missing enforcement of organization scopes [EPSS 0.3%]
CVE-2025-6168 [LOW] Incorrect Authorization in GitLab [EPSS 0.3%]
CVE-2026-45339 [MEDIUM] Open WebUI: API key endpoint restrictions bypassed via `x-api-key` header — full message processing on restricted endpoints [EPSS 0.3%]
CVE-2020-15248 [MEDIUM] Privilege escalation by backend users assigned to the default "Publisher" system role [EPSS 0.3%]
CVE-2025-21570 [MEDIUM] Vulnerability in the Oracle Life Sciences Argus Safety product of Oracle Health Sciences Applications (component: Login). The supported ve [EPSS 0.3%]
CVE-2026-32924 [MEDIUM] OpenClaw < 2026.3.12 - Authorization Bypass via Misclassified Reaction Events in Feishu [EPSS 0.3%]
CVE-2025-30155 [MEDIUM] Tuleap does not enforce read permissions on parent trackers in the REST API [EPSS 0.3%]
CVE-2026-28873 [HIGH] This issue was addressed with additional entitlement checks. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.4 and iPadOS 26.4. [EPSS 0.3%]
CVE-2026-24851 [MEDIUM] OpenFGA Improper Policy Enforcement [EPSS 0.3%]
CVE-2025-66719 [CRITICAL] An issue was discovered in Free5gc NRF 1.4.0. In the access-token generation logic of free5GC, the AccessTokenScopeCheck() function in file [EPSS 0.3%]
CVE-2025-3476 [CRITICAL] Incorrect Authorization vulnerability in OpenText™ Operations Bridge Manager. The vulnerability could allows privilege escalation by authent [EPSS 0.3%]
CVE-2025-41030 [MEDIUM] Multiple vulnerabilities in Deporsite by T-INNOVA [EPSS 0.3%]
CVE-2025-41031 [MEDIUM] Multiple vulnerabilities in Deporsite by T-INNOVA [EPSS 0.3%]
CVE-2023-52361 [HIGH] The VerifiedBoot module has a vulnerability that may cause authentication errors. Successful exploitation of this vulnerability may affect in [EPSS 0.3%]
CVE-2025-3453 [MEDIUM] Password Protected – Password Protect your WordPress Site, Pages, & WooCommerce Products <= 2.7.7 - Unauthenticated Sensitive Information Exposure [EPSS 0.3%]
CVE-2025-10545 [LOW] Guest user can add unauthorized team users to private channels [EPSS 0.3%]
CVE-2026-27936 [MEDIUM] Discourse discloses restricted post-action counts to non-privileged users [EPSS 0.3%]
CVE-2026-27899 [HIGH] WireGuard Portal Vulnerable to Privilege Escalation to Admin via User Self-Update [EPSS 0.3%]