CWE-266 vulnerabilities

938 results
CVE-2023-1874 | HIGH | WP Data Access <= 5.3.7 - Authenticated (Subscriber+) Privilege Escalation | EPSS 2.7%
CVE-2024-24882 | CRITICAL | WordPress LMS by Masteriyo plugin <= 1.7.2 - Privilege Escalation vulnerability | EPSS 2.1%
CVE-2018-1101 | Ansible Tower before version 3.2.4 has a flaw in the management of system and organization administrators that allows for privilege escalati | EPSS 2.0%
CVE-2025-34112 | CRITICAL | Riverbed SteelCentral NetProfiler / NetExpress 10.8.7 RCE | EPSS 2.0%
CVE-2024-13030 | MEDIUM | D-Link DIR-823G Web Management Interface HNAP1 SetVirtualServerSettings access control | EPSS 1.9%
CVE-2024-54363 | CRITICAL | WordPress Wp NssUser Register plugin <= 1.0.0 - Privilege Escalation vulnerability | EPSS 1.8%
CVE-2024-27460 | MEDIUM | A privilege escalation exists in the updater for Plantronics Hub 3.25.1 and below. | EPSS 1.7%
CVE-2020-7009 | Elasticsearch versions from 6.7.0 before 6.8.8 and 7.0.0 before 7.6.2 contain a privilege escalation flaw if an attacker is able to create A | EPSS 1.6%
CVE-2020-7014 | The fix for CVE-2020-7009 was found to be incomplete. Elasticsearch versions from 6.7.0 to 6.8.7 and 7.0.0 to 7.6.1 contain a privilege esca | EPSS 1.5%
CVE-2024-10654 | MEDIUM | TOTOLINK LR350 formLoginAuth.htm authorization | EPSS 1.5%
CVE-2020-14318 | MEDIUM | A flaw was found in the way samba handled file and directory permissions. An authenticated user could use this flaw to gain access to certai | EPSS 1.5%
CVE-2021-1303 | MEDIUM | Cisco DNA Center Privilege Escalation Vulnerability | EPSS 1.4%
CVE-2021-1594 | HIGH | Cisco Identity Services Engine Privilege Escalation Vulnerability | EPSS 1.4%
CVE-2026-4180 | MEDIUM | D-Link DIR-816 goahead redirect.asp access control | EPSS 1.4%
CVE-2012-4549 | MEDIUM | Jboss enterprise application platform: org.jboss.as.ejb3: jboss enterprise application platform: access restriction bypass via improper ejb method authorization | EPSS 1.3%
CVE-2026-4194 | MEDIUM | D-Link DNS-1550-04 system_mgr.cgi cgi_set_wto access control | EPSS 1.2%
CVE-2019-10940 | A vulnerability has been identified in SINEMA Server (All versions < V14.0 SP2 Update 1). Incorrect session validation could allow an attack | EPSS 1.2%
CVE-2024-40433 | HIGH | Insecure Permissions vulnerability in Tencent wechat v.8.0.37 allows an attacker to escalate privileges via the web-view component. | EPSS 1.2%
CVE-2025-2553 | MEDIUM | D-Link DIR-618/DIR-605L formVirtualServ access control | EPSS 1.1%
CVE-2024-54383 | CRITICAL | WordPress WooCommerce - PDF Vouchers plugin < 4.9.9 - Broken Authentication vulnerability | EPSS 1.1%