Vulnerabilities of type CWE-862

6,730 results
CVE-2019-3879 (MEDIUM): It was discovered that in the ovirt's REST API before version 4.3.2.1, RemoveDiskCommand is triggered as an internal command, meaning the pe [EPSS 1.9%]
CVE-2025-1307 (CRITICAL): Newscrunch <= 1.8.4 - Authenticated (Subscriber+) Arbitrary File Upload [EPSS 1.9%]
CVE-2021-4368 (CRITICAL): Frontend File Manager <= 18.2 - Authenticated Settings Change leading to Arbitrary File Upload [EPSS 1.9%]
CVE-2015-10143 (CRITICAL): Platform < 1.4.4 - Missing Authorization to Unauthenticated Arbitrary Options Update [EPSS 1.8%]
CVE-2021-27857 (HIGH): FatPipe software allows unauthenticated configuration download [EPSS 1.8%]
CVE-2024-12365 (HIGH): W3 Total Cache <= 2.8.1 - Authenticated (Subscriber+) Missing Authorization to Server-Side Request Forgery [EPSS 1.7%]
CVE-2026-24421 (MEDIUM): phpMyFAQ missing authorization exposes /api/setup/backup to any authenticated user [EPSS 1.7%]
CVE-2022-29176 (CRITICAL): Unauthorized gem takeover for some gems on rubygems.org [EPSS 1.7%]
CVE-2025-5701 (HIGH): HyperComments <= 1.2.2 - Unauthenticated (Subscriber+) Arbitrary Options Update [EPSS 1.7%]
CVE-2017-7530 (HIGH): In CloudForms Management Engine (cfme) before 5.7.3 and 5.8.x before 5.8.1, it was found that privilege check is missing when invoking arbit [EPSS 1.7%]
CVE-2024-47308 (MEDIUM): WordPress Templately plugin <= 3.1.2 - Broken Access Control vulnerability [EPSS 1.7%]
CVE-2026-40502 (HIGH): OpenHarness Remote Administrative Command Injection via Gateway Handler [EPSS 1.7%]
CVE-2024-10674 (HIGH): Th Shop Mania <= 1.4.9 - Authenticated (Subscriber+) Arbitrary Plugin Installation/Activation [EPSS 1.7%]
CVE-2019-6580: A vulnerability has been identified in Siveillance VMS 2017 R2 (All versions < V11.2a), Siveillance VMS 2018 R1 (All versions < V12.1a), Siv [EPSS 1.7%]
CVE-2021-39232: Missing admin check for SCM related admin commands [EPSS 1.6%]
CVE-2024-10629 (HIGH): GPX Viewer <= 2.2.9 - Authenticated (Subscriber+) Arbitrary File Creation [EPSS 1.6%]
CVE-2024-50967 (MEDIUM): The /rest/rights/ REST API endpoint in Becon DATAGerry through 2.2.0 contains an Incorrect Access Control vulnerability. An attacker can rem [EPSS 1.6%]
CVE-2021-27859 (HIGH): Missing authorization vulnerability in FatPipe software [EPSS 1.6%]
CVE-2021-27855 (HIGH): FatPipe software allows privilege escalation [EPSS 1.6%]
CVE-2020-25718: A flaw was found in the way samba, as an Active Directory Domain Controller, is able to support an RODC (read-only domain controller). This [EPSS 1.6%]