CWE-863 vulnerabilities
2,089 results

CVE-2024-44270 | HIGH | A logic issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1. | EPSS 0.7%
CVE-2024-2698 | HIGH | Freeipa: delegation rules allow a proxy service to impersonate any user to access another target service | EPSS 0.7%
CVE-2025-21479 | HIGH | Incorrect Authorization in Graphics | EPSS 0.7% | KEV
CVE-2026-41283 | CRITICAL | OpenStack Mistral through 22.0.0 allows Arbitrary Remote Code Execution when the API is exposed. There are endpoints that allow code executi | EPSS 0.7%
CVE-2021-24281 | — | Redirection for Contact Form 7 < 2.3.4 - Authenticated Arbitrary Post Deletion | EPSS 0.7%
CVE-2022-22157 | HIGH | Junos OS: SRX Series: Traffic classification vulnerability when 'no-syn-check' is enabled | EPSS 0.7%
CVE-2023-0952 | MEDIUM | Improper access controls on entries in Devolutions Server 2022.3.12 and earlier could allow an authenticated user to access sensitive data | EPSS 0.7%
CVE-2023-32353 | — | A logic issue was addressed with improved checks. This issue is fixed in iTunes 12.12.9 for Windows. An app may be able to elevate privilege | EPSS 0.7%
CVE-2024-31452 | HIGH | OpenFGA Authorization Bypass | EPSS 0.7%
CVE-2022-41962 | LOW | BigBlueButton contains Incorrect Authorization for setting emoji status | EPSS 0.7%
CVE-2021-20306 | — | A flaw was found in the BPMN editor in version jBPM 7.51.0.Final. Any authenticated user from any project can see the name of Ruleflow Group | EPSS 0.7%
CVE-2024-1479 | MEDIUM | WP Show Posts <= 1.1.4 - Information Exposure | EPSS 0.7%
CVE-2022-40816 | MEDIUM | Zammad 5.2.1 is vulnerable to Incorrect Access Control. Zammad's asset handling mechanism has logic to ensure that customer users are not ab | EPSS 0.7%
CVE-2023-20877 | HIGH | VMware Aria Operations contains a privilege escalation vulnerability. An authenticated malicious user with ReadOnly privileges can perform c | EPSS 0.7%
CVE-2024-44765 | MEDIUM | An Improper Authorization (Access Control Misconfiguration) vulnerability in MGT-COMMERCE GmbH CloudPanel v2.0.0 to v2.4.2 allows low-privil | EPSS 0.7%
CVE-2023-38218 | HIGH | Incorrect Authorization - Customer account takeover | EPSS 0.7%
CVE-2026-28790 | HIGH | OliveTin: Unauthenticated Action Termination via KillAction When Guests Must Login | EPSS 0.7%
CVE-2022-36009 | MEDIUM | Incorrect parsing of access level in gomatrixserverlib and dendrite | EPSS 0.7%
CVE-2022-45383 | MEDIUM | An incorrect permission check in Jenkins Support Core Plugin 1206.v14049fa_b_d860 and earlier allows attackers with Support/DownloadBundle p | EPSS 0.6%
CVE-2024-7039 | HIGH | Improper Privilege Management in open-webui/open-webui | EPSS 0.6%