Fallos del tipo CWE-862

6911 resultados
CVE-2025-30107HIGHOn IROAD V9 devices, Managing Settings and Obtaining Sensitive Data and Sabotaging the Car Battery can be performed by unauthorized parties.EPSS 0.3%CVE-2024-11353MEDIUMSMS for Lead Capture Forms <= 1.1.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Message DeletionEPSS 0.3%CVE-2023-39922MEDIUMWordPress Avada theme <= 7.11.1 - Authenticated Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-10897MEDIUMTutor LMS Elementor Addons <= 2.1.5 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin InstallationEPSS 0.3%CVE-2026-34024HIGHMissing authorization checks in Wertheim SafeController Software allow low-privileged users to access restricted functionsEPSS 0.3%CVE-2024-13439MEDIUMTeam – Team Members Showcase Plugin <= 4.4.9 - Missing Authorization to Authenticated (Subscriber+) Settings UpdateEPSS 0.3%CVE-2025-68069HIGHWordPress Directorist plugin <= 8.6.6 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-54218MEDIUMWordPress AIO Contact plugin <= 2.8.1 - Unauthenticated Plugin Settings Change vulnerabilityEPSS 0.3%CVE-2025-26764MEDIUMWordPress Distance Based Shipping Calculator plugin <= 2.0.22 - Settings Change vulnerabilityEPSS 0.3%CVE-2026-42137HIGHKirby: `pages.access/list` and `files.access/list` permissions are not consistently checked in the REST API and changes dialogEPSS 0.3%CVE-2025-61751HIGHVulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (comEPSS 0.3%CVE-2023-45765MEDIUMWordPress WP ERP plugin <= 1.12.6 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-24662MEDIUMWordPress LearnDash LMS Plugin <= 4.20.0.1 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2023-45110MEDIUMWordPress Bold Timeline Lite plugin <= 1.1.9 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-27457MEDIUMWeblate: Missing access control for the AddonViewSet API exposes all addon configurationsEPSS 0.3%CVE-2026-23990MEDIUMFlux Operator Web UI Impersonation Bypass via Empty OIDC ClaimsEPSS 0.3%CVE-2023-46612MEDIUMWordPress Mediabay plugin <= 1.6 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-13801HIGHBWL Advanced FAQ Manager <= 2.1.4 - Missing Authorization to Authenticated (Subscriber+) Limited Arbitrary Options UpdateEPSS 0.3%CVE-2025-0952HIGHEco Nature - Environment & Ecology WordPress Theme <= 2.0.4 - Missing Authorization to Authenticated (Subscriber+) Limited Options UpdateEPSS 0.3%CVE-2026-2446CRITICALPowerpack for LearnDash < 1.3.0 - Unauthenticated Arbitrary Option UpdateEPSS 0.3%