Fallos del tipo CWE-862

6911 resultados
CVE-2024-9860MEDIUMBridge Core <= 3.3 - Missing Authorization to Authenticated (Subscriber+) Demo ImportEPSS 0.3%CVE-2023-45765MEDIUMWordPress WP ERP plugin <= 1.12.6 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2023-47692MEDIUMWordPress Flo Forms plugin <= 1.0.41 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-62924MEDIUMWordPress Post Grid and Gutenberg Blocks plugin <= 2.3.17 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-0814MEDIUMAdvanced CF7 DB <= 2.0.9 - Missing Authorization to Authenticated (Subscriber+) Form Submissions Excel ExportEPSS 0.3%CVE-2025-26764MEDIUMWordPress Distance Based Shipping Calculator plugin <= 2.0.22 - Settings Change vulnerabilityEPSS 0.3%CVE-2026-20888MEDIUMGitea Pull Requests Auto-Merge: Read-Only Users Can Cancel Scheduled Auto-Merge via Web Endpoint (Authorization Bypass)EPSS 0.3%CVE-2023-46612MEDIUMWordPress Mediabay plugin <= 1.6 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-13541MEDIUMaDirectory – WordPress Directory Listing Plugin <= 2.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post DeletionEPSS 0.3%CVE-2023-45110MEDIUMWordPress Bold Timeline Lite plugin <= 1.1.9 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-23990MEDIUMFlux Operator Web UI Impersonation Bypass via Empty OIDC ClaimsEPSS 0.3%CVE-2026-42137HIGHKirby: `pages.access/list` and `files.access/list` permissions are not consistently checked in the REST API and changes dialogEPSS 0.3%CVE-2025-62037MEDIUMWordPress Togo theme < 1.0.4 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-53345HIGHWordPress Thim Core plugin <= 2.3.3 - Arbitrary Plugin Installation vulnerabilityEPSS 0.3%CVE-2026-39910CRITICALSTACKIT IaaS API Privilege Escalation via Service Account AttachmentEPSS 0.3%CVE-2025-26374MEDIUMA CWE-862 "Missing Authorization" in maxprofile/users/routes.lua (users endpoint) in Q-Free MaxTime less than or equal to version 2.11.0 allEPSS 0.3%CVE-2025-11369MEDIUMEssential Blocks <= 5.7.2 - Missing Authorization To Authenticated (Author+) Information DisclosureEPSS 0.3%CVE-2026-22485MEDIUMWordPress My Album Gallery plugin <= 1.0.4 - Arbitrary File Deletion vulnerabilityEPSS 0.3%CVE-2026-3570MEDIUMSmarter Analytics <= 2.0 - Missing Authorization to Unauthenticated Plugin Settings Reset via 'reset' ParameterEPSS 0.3%CVE-2026-56341HIGHAVideo - Unauthenticated Access to Payment Log DataTables Endpoints via list.json.phpEPSS 0.3%