CWE-863 flaws

2,089 results
CVE-2023-52077 [HIGH]: External apps using tokens issued by administrators and moderators can call admin APIs (EPSS 0.7%)
CVE-2021-24652: PostX Gutenberg Blocks for Post Grid < 2.4.10 - Missing Access Controls (EPSS 0.7%)
CVE-2021-24207: WP Page Builder < 1.2.4 - Insecure default configuration Allows Subscribers Editing Access to Posts (EPSS 0.7%)
CVE-2023-28352 [HIGH]: An issue was discovered in Faronics Insight 10.0.19045 on Windows. By abusing the Insight UDP broadcast discovery system, an attacker-contro (EPSS 0.7%)
CVE-2022-29619: Under certain conditions SAP BusinessObjects Business Intelligence Platform 4.x - versions 420,430 allows user Administrator to view, edit o (EPSS 0.7%)
CVE-2024-21083 [HIGH]: Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Script Engine). Supported versions that are affected are 7 (EPSS 0.7%)
CVE-2020-1725: A flaw was found in keycloak before version 13.0.0. In some scenarios a user still has access to a resource after changing the role mappings (EPSS 0.7%)
CVE-2022-20928 [MEDIUM]: A vulnerability in the authentication and authorization flows for VPN connections in Cisco Adaptive Security Appliance (ASA) Software and Fi (EPSS 0.7%)
CVE-2024-21260 [HIGH]: Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are (EPSS 0.7%)
CVE-2026-2293 [HIGH]: NestJS 11.1.13 - Lack of data validation allowing authentication/authorization bypass (EPSS 0.7%)
CVE-2023-25729 [HIGH]: Permission prompts for opening external schemes were only shown for `ContentPrincipals` resulting in extensions being able to ope (EPSS 0.7%)
CVE-2023-51761 [HIGH]: Emerson Rosemount GC370XA, GC700XA, GC1500XA Improper Authentication (EPSS 0.7%)
CVE-2024-25108 [CRITICAL]: Insufficient authorization allowing elevated access to resources in pixelfed (EPSS 0.7%)
CVE-2023-48712 [HIGH]: User authorization bug leading to privilege escalation in warpgate (EPSS 0.7%)
CVE-2022-23615 [MEDIUM]: Partial authorization bypass on document save in xwiki-platform (EPSS 0.7%)
CVE-2023-25923 [LOW]: IBM Security Key Lifecycle Manager denial of service (EPSS 0.7%)
CVE-2024-23255 [CRITICAL]: An authentication issue was addressed with improved state management. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4. Ph (EPSS 0.7%)
CVE-2023-23947 [CRITICAL]: Argo CD users with any cluster secret update access may update out-of-bounds cluster secrets (EPSS 0.7%)
CVE-2022-22167 [HIGH]: Junos OS: SRX Series: If no-syn-check is enabled, traffic classified as UNKNOWN gets permitted by pre-id-default-policy (EPSS 0.7%)
CVE-2026-43999 [CRITICAL]: vm2: NodeVM builtin allowlist bypass via `module` builtin's `Module._load` allows sandbox escape (EPSS 0.7%)