CWE-285 flaws
1,295 results

CVE-2026-34656 [MEDIUM] Adobe Commerce | Improper Authorization (CWE-285) (EPSS 0.4%)
CVE-2026-1106 [MEDIUM] Chamilo LMS Legal Consent SocialController.php deleteLegal improper authorization (EPSS 0.4%)
CVE-2026-22042 [MEDIUM] RustFS has IAM Incorrect Authorization in ImportIam that Allows Privilege Escalation (EPSS 0.4%)
CVE-2023-32709 [MEDIUM] Low-privileged User can View Hashed Default Splunk Password (EPSS 0.4%)
CVE-2024-1289 [MEDIUM] LearnPress <= 4.2.6.3 - Insecure Direct Object Reference (EPSS 0.4%)
CVE-2020-27779 [—] A flaw was found in grub2 in versions prior to 2.06. The cutmem command does not honor secure boot locking allowing an privileged attacker t (EPSS 0.4%)
CVE-2021-25417 [—] Improper authorization in SDP SDK prior to SMR JUN-2021 Release 1 allows access to internal storage. (EPSS 0.4%)
CVE-2025-2637 [MEDIUM] JIZHICMS Account Profile Page userinfo.html improper authorization (EPSS 0.4%)
CVE-2026-32716 [HIGH] SciTokens: Authorization Bypass via Incorrect Scope Path Prefix Checking (EPSS 0.4%)
CVE-2024-41670 [HIGH] PayPal Official Module for PrestaShop has Improperly Implemented Security Check for Standard (EPSS 0.4%)
CVE-2026-2109 [MEDIUM] jsbroks COCO Annotator Delete Category undo improper authorization (EPSS 0.4%)
CVE-2025-3564 [MEDIUM] huanfenz/code-projects StudentManager Teacher String improper authorization (EPSS 0.4%)
CVE-2025-3967 [MEDIUM] itwanger paicoding Article post improper authorization (EPSS 0.4%)
CVE-2024-39418 [MEDIUM] Adobe Commerce | Improper Authorization (CWE-285) (EPSS 0.4%)
CVE-2026-33735 [HIGH] MyTube has an Improper Access Control that Allows Complete Application Takeover (EPSS 0.4%)
CVE-2025-2600 [MEDIUM] Improper authorization in the variable component in Devolutions Remote Desktop Manager on Windows allows an authenticated user to use the EL (EPSS 0.4%)
CVE-2025-9760 [MEDIUM] Portabilis i-Educar Matricula API matricula improper authorization (EPSS 0.4%)
CVE-2023-41673 [MEDIUM] An improper authorization vulnerability [CWE-285] in Fortinet FortiADC version 7.4.0 and before 7.2.2 may allow a low privileged user to rea (EPSS 0.4%)
CVE-2026-4958 [LOW] OpenBMB XAgent WebSocket Endpoint replayer.py ReplayServer.send_data authorization (EPSS 0.4%)
CVE-2025-4473 [HIGH] Frontend Dashboard 1.5.10 - 2.2.7 - Missing Authorization to Authenticated (Subscriber+) Account Takeover/Privilege Escalation via ajax_request Function (EPSS 0.4%)