Flaws of type CWE-863
2102 results

CVE-2025-21533 | MEDIUM | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prio | EPSS 0.3%
CVE-2024-13290 | MEDIUM | OhDear Integration - Moderately critical - Access bypass - SA-CONTRIB-2024-056 | EPSS 0.3%
CVE-2024-13302 | MEDIUM | Pages Restriction Access - Critical - Access bypass - SA-CONTRIB-2024-068 | EPSS 0.3%
CVE-2025-8068 | MEDIUM | HT Mega – Absolute Addons For Elementor <= 2.9.1 - Improper Authorization to Authenticated (Contributor+) Limited Administrator Actions | EPSS 0.3%
CVE-2025-30741 | MEDIUM | Pixelfed before 0.12.5 allows anyone to follow private accounts and see private posts on other Fediverse servers. This affects users elsewhe | EPSS 0.3%
CVE-2025-30179 | MEDIUM | MFA Enforcement Bypass in Search APIs | EPSS 0.3%
CVE-2024-50419 | MEDIUM | WordPress Greenshift plugin <=9.7 - Broken Access Control vulnerability | EPSS 0.3%
CVE-2025-48881 | HIGH | Valtimo backend libraries allows objects in the object-api to be accessed and modified by unauthorized users | EPSS 0.3%
CVE-2024-6979 | MEDIUM | Amin Aliakbari, member of the AXIS OS Bug Bounty Program, has found a broken access control which would lead to less-privileged operator- an | EPSS 0.3%
CVE-2026-24428 | HIGH | Tenda W30E V2 Incorrect Authorization Allows Administrator Password Change | EPSS 0.3%
CVE-2025-30739 | MEDIUM | Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that a | EPSS 0.3%
CVE-2026-42610 | MEDIUM | Grav: Sensitive Information Disclosure via Accounts Service Bypass | EPSS 0.3%
CVE-2024-7836 | MEDIUM | Themify Builder <= 7.6.1 - Missing Authorization to Authenticated (Contributor+) Post Duplication | EPSS 0.3%
CVE-2026-48501 | HIGH | GitHub CLI tokens leak via `gh attestation` commands | EPSS 0.3%
CVE-2025-11438 | MEDIUM | JhumanJ OpnForm API Endpoint custom-domains authorization | EPSS 0.3%
CVE-2026-44110 | HIGH | OpenClaw < 2026.4.15 - Authorization Bypass in Matrix Room Control Commands via DM Pairing Store | EPSS 0.3%
CVE-2026-32972 | HIGH | OpenClaw < 2026.3.11 - Authorization Bypass in Browser Profile Management via browser.request | EPSS 0.3%
CVE-2026-25875 | CRITICAL | PlaciPy Admin Privilege Escalation via Trusted JWT Claims | EPSS 0.3%
CVE-2026-29044 | MEDIUM | EVerest: Charging Continues When WithdrawAuthorization Is Processed Before TransactionStarted | EPSS 0.3%
CVE-2025-24397 | MEDIUM | An incorrect permission check in Jenkins GitLab Plugin 1.9.6 and earlier allows attackers with global Item/Configure permission (while lacki | EPSS 0.3%