Flaws of type CWE-285

1,302 results
CVE-2026-33398 | HIGH | Authenticated users can read hidden forum posts through `/forum/get_quotes` | EPSS 0.2%
CVE-2025-65028 | MEDIUM | Rallly Has an IDOR Vulnerability in Vote Update Endpoint Allows Unauthorized Manipulation of Participant Votes | EPSS 0.2%
CVE-2025-15118 | MEDIUM | macrozheng mall Member Endpoint update improper authorization | EPSS 0.2%
CVE-2026-4013 | MEDIUM | SourceCodester Web-based Pharmacy Product Management System add_admin.php improper authorization | EPSS 0.2%
CVE-2026-8743 | MEDIUM | Open5GS AMF/MME context.c ran_ue_find_by_amf_ue_ngap_id improper authorization | EPSS 0.2%
CVE-2021-25352 | MEDIUM | Using PendingIntent with implicit intent in Bixby Voice prior to version 3.0.52.14 allows attackers to execute privileged action by hijackin | EPSS 0.2%
CVE-2021-25433 | | Improper authorization vulnerability in Tizen factory reset policy prior to Firmware update JUL-2021 Release allows untrusted applications t | EPSS 0.2%
CVE-2026-10154 | MEDIUM | Dolibarr ERP CRM messaging.php authorization | EPSS 0.2%
CVE-2026-10294 | MEDIUM | PackageKit API pk-transaction.c g_file_test improper authorization | EPSS 0.2%
CVE-2025-68481 | MEDIUM | FastAPI Users Vulnerable to 1-click Account Takeover in Apps Using FastAPI SSO | EPSS 0.2%
CVE-2026-56320 | HIGH | Capgo - Org/App Scope Mismatch in Device Creation Endpoint | EPSS 0.2%
CVE-2020-1690 | | An improper authorization flaw was discovered in openstack-selinux's applied policy where it does not prevent a non-root user in a container | EPSS 0.2%
CVE-2025-65031 | MEDIUM | Rallly Improper Authorization in Comment Endpoint Allows User Impersonation | EPSS 0.2%
CVE-2026-13511 | LOW | VoltAgent Memory REST API memory.handlers.ts handleGetMemoryConversation improper authorization | EPSS 0.2%
CVE-2024-24900 | MEDIUM | Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain an improper authorization vulnerability. An adjacent network low pri | EPSS 0.2%
CVE-2025-12005 | MEDIUM | WP VR – 360 Panorama and Free Virtual Tour Builder For WordPress <= 8.5.41 - Improper Authorization to Authenticated (Contributor+) Plugin Settings Update | EPSS 0.2%
CVE-2025-10902 | MEDIUM | Originality.ai AI Checker <= 1.0.15 - Missing Authorization to Authenticated (Subscriber+) Scan Log Deletion via ' ai_scan_result_remove' | EPSS 0.2%
CVE-2025-62520 | MEDIUM | MantisBT unauthorized disclosure of private project column configuration | EPSS 0.2%
CVE-2026-13512 | MEDIUM | Databend Tenant client_session_manager.rs state_key authorization | EPSS 0.2%
CVE-2025-12435 | MEDIUM | Incorrect security UI in Omnibox in Google Chrome on Android prior to 142.0.7444.59 allowed a remote attacker to perform UI spoofing via a c | EPSS 0.2%