CWE-863 vulnerabilities
2102 results

CVE-2024-13257 | MEDIUM | Commerce View Receipt - Moderately critical - Access bypass - SA-CONTRIB-2024-021 | EPSS 0.3%
CVE-2026-25741 | HIGH | Zulip Vulnerable to Modification of Payment Method (Stripe Default Card) by Non-Billing Users | EPSS 0.3%
CVE-2024-56350 | MEDIUM | In JetBrains TeamCity before 2024.12 build credentials allowed unauthorized viewing of projects | EPSS 0.3%
CVE-2025-49641 | MEDIUM | Insufficient permission check for the problem.view.refresh action | EPSS 0.3%
CVE-2025-69416 | MEDIUM | In the plex.tv backend for Plex Media Server (PMS) through 2025-12-31, a non-server device token can retrieve other tokens (intended for unr | EPSS 0.3%
CVE-2026-32108 | LOW | Copyparty ftp/sftp: Sharing a single file did not fully restrict source-folder access | EPSS 0.3%
CVE-2025-69417 | MEDIUM | In the plex.tv backend for Plex Media Server (PMS) through 2025-12-31, a non-server device token can retrieve share tokens (intended for unr | EPSS 0.3%
CVE-2025-27822 | HIGH | An issue was discovered in the Masquerade module before 1.x-1.0.1 for Backdrop CMS. It allows people to temporarily switch to another user a | EPSS 0.3%
CVE-2026-33428 | MEDIUM | Discourse Allows Unauthorized Access to Deleted Posts Index via Group Membership | EPSS 0.3%
CVE-2022-3585 | MEDIUM | SourceCodester Simple Cold Storage Management System Contact Us cross-site request forgery | EPSS 0.3%
CVE-2025-21561 | MEDIUM | Vulnerability in the PeopleSoft Enterprise SCM Purchasing product of Oracle PeopleSoft (component: Purchasing). The supported version that | EPSS 0.3%
CVE-2024-21736 | MEDIUM | Missing Authorization check in SAP S/4HANA Finance (Advanced Payment Management) | EPSS 0.3%
CVE-2025-30171 | HIGH | Admin Authorized System File Deletion | EPSS 0.3%
CVE-2026-33031 | HIGH | Nginx-UI: Disabled users retain full API access through previously issued bearer tokens | EPSS 0.3%
CVE-2026-23989 | HIGH | REVA Public Link Exploit | EPSS 0.3%
CVE-2025-3644 | MEDIUM | Moodle: ajax section delete does not respect course_can_delete_section() | EPSS 0.3%
CVE-2026-22253 | MEDIUM | Soft Serve is missing an authorization check in LFS lock deletion | EPSS 0.3%
CVE-2026-32726 | HIGH | SciTokens C++: Sibling-Path Authorization Bypass | EPSS 0.3%
CVE-2026-35619 | MEDIUM | OpenClaw < 2026.3.24 - Authorization Bypass via HTTP /v1/models Endpoint | EPSS 0.3%
CVE-2024-34130 | MEDIUM | Acrobat Android : OverSecured Finding : Access to arbitrary* content providers via insecure Intent configuration | EPSS 0.3%