Fallos del tipo CWE-862

6904 resultados
CVE-2026-13459MEDIUMJetFormBuilder <= 3.6.3 - Missing Authorization to Unauthenticated Sensitive Information Disclosure via 'context' ParameterEPSS 0.3%CVE-2018-25391HIGHHaPe PKH 1.1 Missing Authorization Allows Unauthenticated Record DeletionEPSS 0.3%CVE-2025-48246MEDIUMWordPress The Events Calendar plugin <= 6.11.2.1 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2025-10186MEDIUMWhyDonate – FREE Donate button – Crowdfunding – Fundraising <= 4.0.15 - Missing Authorization to Unauthenticated wp_wdplugin_style Rww DeletionEPSS 0.3%CVE-2025-11985HIGHRealty Portal <= 0.4.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options UpdateEPSS 0.3%CVE-2024-37440MEDIUMWordPress Church Admin plugin <= 4.4.4 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-67942MEDIUMWordPress Peach Payments Gateway plugin <= 3.3.6 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-62046MEDIUMWordPress TheGem Demo Import (for WPBakery) plugin <= 5.10.5 - Arbitrary Content Deletion vulnerabilityEPSS 0.3%CVE-2026-49367HIGHIn JetBrains IntelliJ IDEA before 2026.1.1 command execution was possible via the guest user accountEPSS 0.3%CVE-2024-21751MEDIUMWordPress RabbitLoader plugin <= 2.19.13 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-11743MEDIUMSourceCodester Best House Rental Management System POST Request ajax.php cross-site request forgeryEPSS 0.3%CVE-2024-12713MEDIUMSureForms – Drag and Drop Form Builder for WordPress <= 1.2.2 - Missing Authorization to Unauthenticated Protected Post DisclosureEPSS 0.3%CVE-2026-44329CRITICALfree5GC: SMF UPI management interface lacks auth middleware; unauthenticated topology read/write requests reach handlersEPSS 0.3%CVE-2025-69052CRITICALWordPress Registration & Login with Mobile Phone Number for WooCommerce plugin <= 1.3.1 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2023-4105LOWAttachment of deleted message in a thread remains accessible and downloadable EPSS 0.3%CVE-2025-1681MEDIUMCardealer <= 1.6.4 - Missing Authorization to Authenticated (Subscriber+) Change and Delete JS and CSS FilesEPSS 0.3%CVE-2024-33000LOWMissing Authorization check in SAP Bank Account ManagementEPSS 0.3%CVE-2025-32210MEDIUMWordPress CM Registration and Invitation Codes plugin <= 2.5.6 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-13368MEDIUMYouzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress <= 1.3.4 - Missing Authorization to Authenticated (Subscriber+) Limited Options UpdateEPSS 0.3%CVE-2024-7858MEDIUMMedia Library Folders <= 8.2.3 - Missing Authorization on Various FunctionsEPSS 0.3%