CWE-250 vulnerabilities

328 results
CVE-2024-1222 [HIGH] Incorrect authorization controls in PaperCut NG/MF APIs (EPSS 64.0%)
CVE-2025-12420 [CRITICAL] Unauthenticated Privilege Escalation in ServiceNow AI Platform (EPSS 45.5%)
CVE-2024-38813 [HIGH] Privilege escalation vulnerability (EPSS 14.6%, KEV)
CVE-2025-34515 [CRITICAL] Ilevia EVE X1 Server 4.7.18.0.eden Root Privilege Escalation (EPSS 7.3%)
CVE-2026-29205 [HIGH] Incorrect privileges management and insufficient path filtering allow to read arbitrary file on the server via the cpdavd attachment downloa (EPSS 7.2%)
CVE-2019-16765 [HIGH] If an attacker can get a user to open a specially prepared directory tree as a workspace in Visual Studio Code with the CodeQL extension act (EPSS 4.7%)
CVE-2022-1808 [HIGH] Execution with Unnecessary Privileges in polonel/trudesk (EPSS 3.4%)
CVE-2026-25643 [CRITICAL] Frigate Affected by Authenticated Remote Command Execution (RCE) and Container Escape (EPSS 2.9%)
CVE-2023-46360 [HIGH] Hardy Barth cPH2 eCharge Ladestation v1.87.0 and earlier is vulnerable to Execution with Unnecessary Privileges. (EPSS 2.8%)
CVE-2023-39508 [HIGH] Apache Airflow: Airflow "Run task" feature allows execution with unnecessary privileges (EPSS 2.4%)
CVE-2024-7387 [CRITICAL] Openshift/builder: path traversal allows command injection in privileged buildcontainer using docker build strategy (EPSS 2.3%)
CVE-2021-1579 [HIGH] Cisco Application Policy Infrastructure Controller App Privilege Escalation Vulnerability (EPSS 2.1%)
CVE-2024-43653 [CRITICAL] Authenticated command injection in the <redacted> action leads to full remote code execution as root on the charging station (EPSS 2.1%)
CVE-2024-43654 [CRITICAL] Authenticated command injection in the <redacted> action leads to full remote code execution as root on the charging station (EPSS 2.1%)
CVE-2025-40602 [MEDIUM] A local privilege escalation vulnerability due to insufficient authorization in the SonicWall SMA1000 appliance management console (AMC). (EPSS 1.9%, KEV)
CVE-2024-43652 [CRITICAL] Authenticated command injection in the <redacted> action leads to full remote code execution as root on the charging station (EPSS 1.9%)
CVE-2024-43648 [CRITICAL] Authenticated command injection via <redacted>.exe <redacted> parameter (EPSS 1.8%)
CVE-2024-43649 [CRITICAL] Authenticated command injection via <redacted>.exe <redacted> parameter (EPSS 1.8%)
CVE-2025-34274 [CRITICAL] Nagios Log Server < 2024R2.0.3 Logstash Process Root Privileges (EPSS 1.7%)
CVE-2021-41035 In Eclipse Openj9 before version 0.29.0, the JVM does not throw IllegalAccessError for MethodHandles that invoke inaccessible interface meth (EPSS 1.7%)