CWE-863 vulnerabilities
2,093 results

CVE-2026-22806 [CRITICAL] [EPSS 0.4%] vCluster Platform's Access Keys Allows Access Beyond Scope
CVE-2024-57434 [HIGH] [EPSS 0.4%] macrozheng mall-tiny 1.0.1 is vulnerable to Incorrect Access Control. The project imports users by default, and the test user is made a supe
CVE-2023-1979 [MEDIUM] [EPSS 0.4%] Auth bypass in Web Stories for WordPress plugin
CVE-2026-40350 [HIGH] [EPSS 0.4%] Movary User Management (/settings/users) has Authorization Bypass that Allows Low-Privileged Users to Enumerate All Users and Create Administrator Accounts
CVE-2024-45131 [MEDIUM] [EPSS 0.4%] Adobe Commerce | Incorrect Authorization (CWE-863)
CVE-2023-37491 [HIGH] [EPSS 0.4%] Improper Authorization check vulnerability in SAP Message Server
CVE-2023-4532 [MEDIUM] [EPSS 0.4%] Incorrect Authorization in GitLab
CVE-2026-32042 [HIGH] [EPSS 0.4%] OpenClaw < 2026.2.25 - Privilege Escalation via Unpaired Device Identity in Shared Gateway Authentication
CVE-2023-1202 [MEDIUM] [EPSS 0.4%] Permission bypass when importing or synchronizing entries in User vault in Devolutions Remote Desktop Manager 2023.1.9 and prior versions
CVE-2024-39323 [HIGH] [EPSS 0.4%] aimeos/ai-admin-graphql improper access control vulnerability allows an editor to modify admin account
CVE-2022-27551 [MEDIUM] [EPSS 0.4%] HCL Launch could allow an authenticated user to obtain sensitive information (CVE-2022-27551)
CVE-2026-41280 [MEDIUM] [EPSS 0.4%] Apache DolphinScheduler: Incorrect Authorization vulnerability allows users with system login privileges to delete task definitions in unauthorized projects
CVE-2025-55205 [CRITICAL] [EPSS 0.4%] Capsule tenant owners with "patch namespace" permission can hijack system namespaces label
CVE-2024-21282 [HIGH] [EPSS 0.4%] Vulnerability in the Oracle Financials product of Oracle E-Business Suite (component: Common Components). Supported versions that are affec
CVE-2024-10043 [LOW] [EPSS 0.4%] Incorrect Authorization in GitLab
CVE-2024-46918 [CRITICAL] [EPSS 0.4%] app/Controller/UserLoginProfilesController.php in MISP before 2.4.198 does not prevent an org admin from viewing sensitive login fields of a
CVE-2026-34660 [CRITICAL] [EPSS 0.4%] Adobe Connect | Incorrect Authorization (CWE-863)
CVE-2024-21278 [HIGH] [EPSS 0.4%] Vulnerability in the Oracle Contract Lifecycle Management for Public Sector product of Oracle E-Business Suite (component: Award Processes).
CVE-2026-23982 [HIGH] [EPSS 0.4%] Apache Superset: Improper Authorization in Dataset Creation Allows Access Control Bypass
CVE-2026-25232 [HIGH] [EPSS 0.4%] Gogs has a Protected Branch Deletion Bypass in Web Interface