CWE-863 vulnerabilities

2,089 results
CVE-2020-6214 [MEDIUM] SAP S/4HANA (Financial Products Subledger), version 100, uses an incorrect authorization object in some reports. Although the affected repor (EPSS 0.6%)
CVE-2024-2915 [HIGH] Improper access control in PAM JIT elevation in Devolutions Server 2024.1.6 and earlier allows an attacker with access to the PAM JIT elevat (EPSS 0.6%)
CVE-2024-34701 [MEDIUM] CreateWiki vulnerable to impersonation of wiki requester (EPSS 0.6%)
CVE-2023-28611 [CRITICAL] Incorrect authorization in OMICRON StationGuard 1.10 through 2.20 and StationScout 1.30 through 2.20 allows an attacker to bypass intended a (EPSS 0.6%)
CVE-2024-44289 [HIGH] A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.1, macOS Sonoma (EPSS 0.6%)
CVE-2022-22754 [MEDIUM] If a user installed an extension of a particular type, the extension could have auto-updated itself and while doing so, bypass the prompt wh (EPSS 0.6%)
CVE-2022-25091 [MEDIUM] Infopop Ultimate Bulletin Board up to v5.47a was discovered to allow all messages posted inside private forums to be disclosed by unauthenti (EPSS 0.6%)
CVE-2024-53949 [HIGH] Apache Superset: Lower privilege users are able to create Role when FAB_ADD_SECURITY_API is enabled (EPSS 0.6%)
CVE-2023-25017 [HIGH] Rifartek IOT Wall - Broken Access Control (EPSS 0.6%)
CVE-2024-11670 [MEDIUM] Incorrect authorization in the permission validation component of Devolutions Remote Desktop Manager 2024.2.21 and earlier on Windows allows (EPSS 0.6%)
CVE-2024-1740 [CRITICAL] Incorrect Authorization in lunary-ai/lunary (EPSS 0.6%)
CVE-2025-6892 [HIGH] An Incorrect Authorization vulnerability has been identified in Moxa’s network security appliances and routers. A flaw in the API authentica (EPSS 0.6%)
CVE-2021-34648 [MEDIUM] Ninja Forms <= 3.5.7 Unprotected REST-API to Email Injection (EPSS 0.6%)
CVE-2022-31168 [MEDIUM] Zulip Server insufficient authorization for changing bot roles (EPSS 0.6%)
CVE-2026-47101 [HIGH] LiteLLM < 1.83.14 Privilege Escalation via API Key Generation (EPSS 0.6%)
CVE-2022-0762 [MEDIUM] Incorrect Authorization in microweber/microweber (EPSS 0.6%)
CVE-2025-20674 [CRITICAL] In wlan AP driver, there is a possible way to inject arbitrary packet due to a missing permission check. This could lead to remote escalatio (EPSS 0.6%)
CVE-2025-49586 [HIGH] XWiki allows remote code execution through preview of XClass changes in AWM editor (EPSS 0.6%)
CVE-2025-24409 [HIGH] Adobe Commerce | Incorrect Authorization (CWE-863) (EPSS 0.6%)
CVE-2020-8142 A security restriction bypass vulnerability has been discovered in Revive Adserver version < 5.0.5 by HackerOne user hoangn144. Revive Adser (EPSS 0.6%)