CWE-863 vulnerabilities

2,111 results
CVE-2026-45042 [HIGH] RustFS: UploadPartCopy Does Not Enforce Destination Bucket Policy on Copy Source (EPSS 0.2%)
CVE-2023-41994 [MEDIUM] A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. A camera extension may be able to access the camera (EPSS 0.2%)
CVE-2026-8079 [HIGH] Unintended limited set of actions with elevated privileges may be performed during PDF generation in Progress Flowmon (EPSS 0.2%)
CVE-2026-45297 [MEDIUM] Cross-tenant IDOR on feature-flag and assist-stats routes via {project_id} case mismatch (EPSS 0.2%)
CVE-2025-2424 [LOW] Leaked Metadata of Deleted Files via Bookmark Creation (EPSS 0.2%)
CVE-2025-62259 [MEDIUM] Liferay Portal 7.4.0 through 7.4.3.109, and older unsupported versions, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 9 (EPSS 0.2%)
CVE-2026-44850 [HIGH] Portainer: Bind-mount restriction bypass via HostConfig.Mounts (EPSS 0.2%)
CVE-2026-40213 [HIGH] OpenStack Cyborg before 16.0.1 uses rule:allow (check_str='@') as the default policy for multiple API endpoints. This unconditionally author (EPSS 0.2%)
CVE-2026-10616 [MEDIUM] nextlevelbuilder GoClaw Team Task Completion team_tasks_lifecycle.go TeamTasksTool.executeComplete authorization (EPSS 0.2%)
CVE-2025-1792 [LOW] Improper Access Control in Mattermost Channel Member API (EPSS 0.2%)
CVE-2025-41078 [HIGH] Multiple vulnerabilities in Viafirma products (EPSS 0.2%)
CVE-2026-32021 [MEDIUM] OpenClaw < 2026.2.22 - Authorization Bypass via Display Name Collision in Feishu allowFrom (EPSS 0.2%)
CVE-2026-42883 [MEDIUM] Audiobookshelf: Cross-library file exfiltration via unscoped bulk download endpoint (EPSS 0.2%)
CVE-2023-50886 [MEDIUM] WordPress Legal Pages plugin <= 1.3.7 - CSRF + Broken Access Control vulnerability (EPSS 0.2%)
CVE-2025-3227 [MEDIUM] Unauthorized channel member management through playbook runs (EPSS 0.2%)
CVE-2024-27798 [HIGH] An authorization issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS (EPSS 0.2%)
CVE-2026-32899 [MEDIUM] OpenClaw < 2026.2.25 - Sender Policy Bypass in Slack Reaction and Pin Event Handlers (EPSS 0.2%)
CVE-2026-2470 [MEDIUM] Pagelayer <= 2.0.9 - Incorrect Authorization to Authenticated (Contributor+) Mail Relay Configuration via 'contacts' (EPSS 0.2%)
CVE-2022-28774 Under certain conditions, the SAP Host Agent logfile shows information which would otherwise be restricted. (EPSS 0.2%)
CVE-2025-62189 [MEDIUM] LogStare Collector contains an incorrect authorization vulnerability in UserRegistration. If exploited, a non-administrative user may create (EPSS 0.2%)