CWE-285 flaws
1,302 results

CVE-2025-66291 | MEDIUM | OrangeHRM is Vulnerable to Improper Authorization Allowing Unauthorized Access to Interview Attachments | EPSS 0.2%
CVE-2026-39347 | MEDIUM | OrangeHRM's Self‑Appraisal Submission of Admin Users Can Be Modified After Completion | EPSS 0.2%
CVE-2025-43403 | MEDIUM | An authorization issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS | EPSS 0.2%
CVE-2025-10736 | MEDIUM | ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More <= 2.2.10 - Incorrect Authorization to Unauthenticated Information Exposure and Data Manipulation | EPSS 0.2%
CVE-2026-33074 | MEDIUM | Discourse: Vulnerability in discourse-subscriptions plugin allowing users to self-grant to higher tier subscriptions | EPSS 0.2%
CVE-2023-42973 | MEDIUM | Private Browsing tabs may be accessed without authentication. This issue is fixed in iOS 17 and iPadOS 17. The issue was addressed with impr | EPSS 0.2%
CVE-2025-66290 | MEDIUM | OrangeHRM is Vulnerable to Improper Authorization Allowing Unauthorized Access to Candidate Attachments | EPSS 0.2%
CVE-2026-49338 | HIGH | Subsonic API: any authenticated user can delete or read any other user's playlist (IDOR) | EPSS 0.2%
CVE-2023-28385 | HIGH | Improper authorization in the Intel(R) NUC Pro Software Suite for Windows before version 2.0.0.9 may allow a privileged user to potentially | EPSS 0.2%
CVE-2022-36870 | MEDIUM | Pending Intent hijacking vulnerability in MTransferNotificationManager in Samsung Pay prior to version 5.0.63 for KR and 5.1.47 for Global a | EPSS 0.2%
CVE-2023-2782 | MEDIUM | Sensitive information disclosure due to improper authorization. The following products are affected: Acronis Cyber Infrastructure (ACI) befo | EPSS 0.2%
CVE-2022-36871 | MEDIUM | Pending Intent hijacking vulnerability in NotiCenterUtils in Samsung Pay prior to version 5.0.63 for KR and 5.1.47 for Global allows attacke | EPSS 0.2%
CVE-2026-32692 | HIGH | Unauthorized update of out-of-scope Vault secrets | EPSS 0.2%
CVE-2023-25517 | HIGH | NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a guest OS may be able to control resources f | EPSS 0.2%
CVE-2022-36872 | MEDIUM | Pending Intent hijacking vulnerability in SpayNotification in Samsung Pay prior to version 5.0.63 for KR and 5.1.47 for Global allows attack | EPSS 0.2%
CVE-2023-26466 | HIGH | A user with non-Admin access can change a configuration file on the client to modify the Server URL. | EPSS 0.2%
CVE-2025-53709 | MEDIUM | Access control issues impacting secure-upload service | EPSS 0.2%
CVE-2026-13508 | MEDIUM | khoj-ai khoj Conversation Sharing api_chat.py authorization | EPSS 0.2%
CVE-2022-4062 | HIGH | A CWE-285: Improper Authorization vulnerability exists that could cause unauthorized access to certain software functions when an attacker g | EPSS 0.2%
CVE-2025-2528 | LOW | Improper authorization in application password policy in Devolutions Remote Desktop Manager on Windows allows an authenticated user to use | EPSS 0.2%