CWE-289 vulnerabilities
29 results

CVE-2024-34519 | MEDIUM | Avantra Server 24.x before 24.0.7 and 24.1.x before 24.1.1 mishandles the security of dashboards, aka XAN-5367. If a user can create a dashb | EPSS 0.4%
CVE-2023-51663 | MEDIUM | Hail authentication can be bypassed by changing email address | EPSS 0.4%
CVE-2026-23903 | MEDIUM | Apache Shiro: Auth bypass when accessing static files only on case-insensitive filesystems | EPSS 0.4%
CVE-2025-14777 | MEDIUM | Keycloak: keycloak idor in realm client creating/deleting | EPSS 0.3%
CVE-2025-8415 | MEDIUM | Cryostat: authentication bypass if network policies are disabled | EPSS 0.3%
CVE-2026-43617 | MEDIUM | Rsync < 3.4.3 Authorization Bypass via Hostname Resolution | EPSS 0.3%
CVE-2025-60375 | HIGH | The authentication mechanism in Perfex CRM before 3.3.1 allows attackers to bypass login credentials due to insufficient server-side validat | EPSS 0.3%
CVE-2025-64521 | MEDIUM | authentik deactivated service accounts can authenticate to OAuth | EPSS 0.2%
CVE-2025-64343 | HIGH | (conda) Constructor: Excessive permissions during and after installation | EPSS 0.1%