CWE-863 flaws
2,111 results

CVE-2025-24141 | LOW | An authentication issue was addressed with improved state management. This issue is fixed in iOS 18.3 and iPadOS 18.3. An attacker with phys | EPSS 0.2%
CVE-2026-48781 | CRITICAL | Postiz has cross-tenant SUPERADMIN takeover via Skool-provider JWT forgery | EPSS 0.2%
CVE-2025-15342 | MEDIUM | Tanium addressed an improper access controls vulnerability in Reputation. | EPSS 0.2%
CVE-2022-46704 | — | A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.1, macOS Big Sur 11.7.2, macOS Monterey | EPSS 0.2%
CVE-2025-42939 | MEDIUM | Missing Authorization Check in SAP S/4HANA (Manage Processing Rules - For Bank Statements) | EPSS 0.2%
CVE-2026-41344 | MEDIUM | OpenClaw < 2026.3.28 - Privilege Escalation via chat.send /verbose Parameter | EPSS 0.2%
CVE-2026-25729 | LOW | DeepAudit Affected by User Enumeration via Broken Access Control | EPSS 0.2%
CVE-2026-10815 | MEDIUM | LakshayD02 Hostel-Management-System-PHP Admin Dashboard index.php authorization | EPSS 0.2%
CVE-2026-39350 | MEDIUM | Istio AuthorizationPolicy Incorrect Regex Matching of Dots in serviceAccounts Fields Allows Policy Bypass | EPSS 0.2%
CVE-2026-40574 | MEDIUM | OAuth2 Proxy has an Authorization Bypass in Email Domain Validation via Malformed Multi-@ Email Claims | EPSS 0.2%
CVE-2026-39957 | LOW | Lychee has Broken Access Control in SharingController::listAll() leaks private album sharing metadata to unauthorized users | EPSS 0.2%
CVE-2024-44162 | HIGH | This issue was addressed by enabling hardened runtime. This issue is fixed in Xcode 16. A malicious application may gain access to a user's | EPSS 0.2%
CVE-2025-62394 | MEDIUM | Moodle: quiz notifications sent to suspended participants | EPSS 0.2%
CVE-2025-6549 | MEDIUM | Junos OS: SRX Series: J-Web can be exposed on additional interfaces | EPSS 0.2%
CVE-2026-5374 | MEDIUM | runZero Platform MCP information leak | EPSS 0.2%
CVE-2026-5384 | MEDIUM | runZero Platform incorrect credential scope | EPSS 0.2%
CVE-2025-66424 | MEDIUM | Tryton trytond 6.0 before 7.6.11 does not enforce access rights for data export. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.70. | EPSS 0.2%
CVE-2026-33014 | MEDIUM | EVerest has Delayed Authorization Response Bypasses Termination After RemoteStop | EPSS 0.2%
CVE-2026-49376 | MEDIUM | In JetBrains TeamCity before 2026.1 insufficient username validation in the SAML plugin | EPSS 0.2%
CVE-2026-45297 | MEDIUM | Cross-tenant IDOR on feature-flag and assist-stats routes via {project_id} case mismatch | EPSS 0.2%