CWE-863 vulnerabilities

2,110 results
CVE-2026-3115 | MEDIUM | Guest users can view group member IDs without respecting view restrictions | EPSS 0.2%
CVE-2021-4275 | MEDIUM | katlings pyambic-pentameter cross-site request forgery | EPSS 0.2%
CVE-2026-8823 | LOW | User Manager can demote bot accounts to guest without bot-management permission | EPSS 0.2%
CVE-2022-34397 | MEDIUM | Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 10.0.0.5 and below contains an authorization bypass | EPSS 0.2%
CVE-2026-40515 | HIGH | OpenHarness Permission Bypass via grep and glob root argument | EPSS 0.2%
CVE-2025-31227 | MEDIUM | A logic issue was addressed with improved checks. This issue is fixed in iOS 18.5 and iPadOS 18.5. An attacker with physical access to a dev | EPSS 0.2%
CVE-2025-10908 | HIGH | Account Lock Bypass via Magic Link or Pass Key Authentication in WSO2 Identity Server Allows Unauthorized Access | EPSS 0.2%
CVE-2023-6400 | HIGH | Incorrect user authorization vulnerability on OpenText ZENworks Configuration Management (ZCM) product. | EPSS 0.2%
CVE-2026-44567 | HIGH | Open WebUI: Open WebUI Improper Authorization Control | EPSS 0.2%
CVE-2026-29195 | MEDIUM | Netmaker: Privilege Escalation from Admin to Super-Admin via User Update | EPSS 0.2%
CVE-2025-41423 | LOW | Unauthorized Playbooks Post Deletion in Mattermost Playbooks Plugin | EPSS 0.2%
CVE-2025-2564 | MEDIUM | Unauthorized View Access to Archived Channel Member Info | EPSS 0.2%
CVE-2026-26274 | MEDIUM | October: Safe Mode Bypass via Twig Database Write Operations | EPSS 0.2%
CVE-2024-22316 | MEDIUM | IBM Sterling File Gateway improper access control | EPSS 0.2%
CVE-2025-27213 | MEDIUM | An Improper Access Control could allow a malicious actor authenticated in the API of certain UniFi Connect devices to enable Android Debug B | EPSS 0.2%
CVE-2026-54358 | HIGH | MISP organization administrators can target site administrator accounts for password reset | EPSS 0.2%
CVE-2026-33249 | MEDIUM | NATS: Message tracing can be redirected to arbitrary subject | EPSS 0.2%
CVE-2026-2465 | HIGH | Improper Authorization in E-Kalite's Turboard FOR-S | EPSS 0.2%
CVE-2025-15513 | MEDIUM | Float Payment Gateway <= 1.1.9 - Improper Authorization to Unauthenticated Order Status Manipulation | EPSS 0.2%
CVE-2021-37409 | HIGH | Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi products may allow a privileged user to potentially enabl | EPSS 0.2%