Flaws of type CWE-863

2111 results
CVE-2022-31646 | HIGH | Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, esc | EPSS 0.2%
CVE-2022-31644 | HIGH | Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, esc | EPSS 0.2%
CVE-2026-8823 | LOW | User Manager can demote bot accounts to guest without bot-management permission | EPSS 0.2%
CVE-2021-4275 | MEDIUM | katlings pyambic-pentameter cross-site request forgery | EPSS 0.2%
CVE-2026-41232 | MEDIUM | Froxlor has an Email Sender Alias Domain Ownership Bypass via Wrong Array Index that Allows Cross-Customer Email Spoofing | EPSS 0.2%
CVE-2026-32717 | LOW | AnythingLLM access control bypass: suspended users can continue using Browser Extension API keys | EPSS 0.2%
CVE-2026-3115 | MEDIUM | Guest users can view group member IDs without respecting view restrictions | EPSS 0.2%
CVE-2022-3024 | MEDIUM | Simple Bitcoin Faucets <= 1.7.0 - Unauthorised AJAX Call to Stored XSS | EPSS 0.2%
CVE-2025-57728 | MEDIUM | In JetBrains IntelliJ IDEA before 2025.2 improper access control allowed Code With Me guest to discover hidden files | EPSS 0.2%
CVE-2023-6400 | HIGH | Incorrect user authorization vulnerability on OpenText ZENworks Configuration Management (ZCM) product. | EPSS 0.2%
CVE-2026-44567 | HIGH | Open WebUI: Open WebUI Improper Authorization Control | EPSS 0.2%
CVE-2026-29195 | MEDIUM | Netmaker: Privilege Escalation from Admin to Super-Admin via User Update | EPSS 0.2%
CVE-2022-34397 | MEDIUM | Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 10.0.0.5 and below contains an authorization bypass | EPSS 0.2%
CVE-2026-40515 | HIGH | OpenHarness Permission Bypass via grep and glob root argument | EPSS 0.2%
CVE-2025-10908 | HIGH | Account Lock Bypass via Magic Link or Pass Key Authentication in WSO2 Identity Server Allows Unauthorized Access | EPSS 0.2%
CVE-2025-31227 | MEDIUM | A logic issue was addressed with improved checks. This issue is fixed in iOS 18.5 and iPadOS 18.5. An attacker with physical access to a dev | EPSS 0.2%
CVE-2025-41423 | LOW | Unauthorized Playbooks Post Deletion in Mattermost Playbooks Plugin | EPSS 0.2%
CVE-2025-27213 | MEDIUM | An Improper Access Control could allow a malicious actor authenticated in the API of certain UniFi Connect devices to enable Android Debug B | EPSS 0.2%
CVE-2024-22316 | MEDIUM | IBM Sterling File Gateway improper access control | EPSS 0.2%
CVE-2025-2564 | MEDIUM | Unauthorized View Access to Archived Channel Member Info | EPSS 0.2%