CWE-280 vulnerabilities

145 results
CVE-2024-22078 | HIGH | An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Privilege escalation can occur via world writable | EPSS 0.6%
CVE-2026-40371 | HIGH | Microsoft Dynamics 365 (on-premises) Elevation of Privilege Vulnerability | EPSS 0.6%
CVE-2024-6660 | HIGH | BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin <= 1.1.5 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update and Arbitrary File Upload | EPSS 0.6%
CVE-2025-27025 | HIGH | Improper File Access in Infinera G42 | EPSS 0.6%
CVE-2024-36451 | HIGH | Improper handling of insufficient permissions or privileges vulnerability exists in ajaxterm module of Webmin prior to 2.003. If this vulner | EPSS 0.6%
CVE-2024-25844 | HIGH | An issue was discovered in Common-Services "So Flexibilite" (soflexibilite) module for PrestaShop before version 4.1.26, allows remote attac | EPSS 0.5%
CVE-2024-29852 | LOW | Veeam Backup Enterprise Manager allows high-privileged users to read backup session logs. | EPSS 0.5%
CVE-2024-8451 | HIGH | PLANET Technology switch devices - SSH server DoS attack | EPSS 0.5%
CVE-2023-6189 | MEDIUM | Improper Permission Handling in M-Files Server | EPSS 0.5%
CVE-2024-5163 | CRITICAL | Improper permission settings in com.transsion.carlcare | EPSS 0.5%
CVE-2024-47766 | MEDIUM | Permissions are incorrectly verified for project administrators in the cross tracker search widget | EPSS 0.5%
CVE-2024-39691 | MEDIUM | Malicious Matrix homeserver can leak truncated message content of messages it shouldn't have access to | EPSS 0.5%
CVE-2024-0560 | MEDIUM | Apicast: use_3scale_oidc_issuer_endpoint of token introspection policy isn't compatible with rh-sso 7.5 or later versions | EPSS 0.5%
CVE-2024-22077 | MEDIUM | An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. The SQLite database file has weak permissions. | EPSS 0.5%
CVE-2024-32882 | LOW | Permission check bypass when editing a model with per-field restrictions in wagtail | EPSS 0.5%
CVE-2024-1608 | CRITICAL | OPPO Usercenter Credit sdk | EPSS 0.5%
CVE-2023-38298 | HIGH | Various software builds for the following TCL devices (30Z, A3X, 20XE, 10L) leak the device IMEI to a system property that can be accessed b | EPSS 0.5%
CVE-2024-32000 | MEDIUM | Truncated content of messages can be leaked from matrix-appservice-irc | EPSS 0.4%
CVE-2023-43087 | MEDIUM | Dell PowerScale OneFS 8.2.x, 9.0.0.x-9.5.0.x contains an improper handling of insufficient permissions. A low privileged remote attacker co | EPSS 0.4%
CVE-2024-47767 | MEDIUM | Tuleap lists trackers in the quick add actions of the backlog without any permissions check | EPSS 0.4%