Flaws of type CWE-863

2111 results
CVE | Severity | Description | EPSS
CVE-2026-32028 | MEDIUM | OpenClaw < 2026.2.25 - Missing Authorization Check in Discord DM Reaction Ingress | 0.2%
CVE-2023-3379 | MEDIUM | WAGO: Improper Privilege Management in web-based management | 0.2%
CVE-2025-30163 | LOW | Node based network policies may incorrectly allow workload traffic | 0.2%
CVE-2026-49369 | MEDIUM | In JetBrains YouTrack before 2026.1.13162 information disclosure was possible on Users and Groups pages | 0.2%
CVE-2024-48547 | HIGH | Incorrect access control in the firmware update and download processes of DreamCatcher Life v1.8.7 allows attackers to access sensitive info | 0.2%
CVE-2025-68422 | MEDIUM | Kibana Improper Authorization | 0.2%
CVE-2025-55077 | MEDIUM | Tyler Technologies ERP Pro 9 SaaS application escape | 0.2%
CVE-2026-10860 | HIGH | MISP CRUDComponent delete validation bypass via operator precedence error | 0.2%
CVE-2025-43789 | LOW | JSON Web Services in Liferay Portal 7.4.0 through 7.4.3.119, and Liferay DXP 2024.Q1.1 through 2024.Q1.9, 7.4 GA through update 92 published | 0.2%
CVE-2022-27609 | MEDIUM | Forcepoint One Endpoint prior to version 22.01 installed on Microsoft Windows does not provide sufficient anti-tampering protection of servi | 0.2%
CVE-2026-5380 | MEDIUM | runZero Platform cleartext secret exposure | 0.2%
CVE-2025-66423 | HIGH | Tryton trytond 6.0 before 7.6.11 does not enforce access rights for the route of the HTML editor. This is fixed in 7.6.11, 7.4.21, 7.0.40, a | 0.2%
CVE-2026-33291 | MEDIUM | Discourse user can create Zendesk tickets even when it does not have access to topic | 0.2%
CVE-2024-48545 | HIGH | Incorrect access control in the firmware update and download processes of IVY Smart v4.5.0 allows attackers to access sensitive information | 0.2%
CVE-2025-65073 | HIGH | OpenStack Keystone before 26.0.1, 27.0.0, and 28.0.0 allows a /v3/ec2tokens or /v3/s3tokens request with a valid AWS Signature to provide Ke | 0.2%
CVE-2025-62487 | LOW | Under certain configurations, file artifacts uploaded to the Dossier and Slides apps did not inherit security markings of their parent artifact. This lack of security markings could lead to unintended access to the uploaded files. | 0.2%
CVE-2026-45550 | CRITICAL | Roxy-WI: IDOR on PUT /smon/check — any user can rewrite any tenant's monitoring URL/IP/body | 0.2%
CVE-2025-27933 | MEDIUM | Unauthorized Private-to-Public Channel Conversion | 0.2%
CVE-2025-52890 | HIGH | Incus vulnerable to antispoofing nftables firewall rule bypass on bridge networks with ACLs | 0.2%
CVE-2026-23964 | MEDIUM | Mastodon has insufficient access control to push notification settings | 0.2%