Fallos del tipo CWE-862

6959 resultados
CVE-2025-12980HIGHPost Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX <= 5.0.3 - Missing Authorization to Unauthenticated Sensitive Information ExposureEPSS 0.3%CVE-2026-24539MEDIUMWordPress Protección de datos – RGPD plugin <= 0.68 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-25348MEDIUMWordPress Download Alt Text AI plugin <= 1.10.15 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-1408MEDIUMProfileGrid – User Profiles, Groups and Communities <= 5.9.4.4 - Missing Authorinzation to Authenticated (Subscriber+) Join Group Requests ManagementEPSS 0.3%CVE-2026-1720HIGHWowOptin: Next-Gen Popup Maker – Create Stunning Popups and Optins for Lead Generation <= 1.4.24 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin InstallationEPSS 0.3%CVE-2026-59216HIGHOpen WebUI: Cross-user code-interpreter and tool execution via unvalidated Socket.IO event-caller session_idEPSS 0.3%CVE-2024-37176MEDIUMMissing Authorization check in SAP BW/4HANA Transformation and DTPEPSS 0.3%CVE-2024-13703MEDIUMCRM and Lead Management by vcita <= 2.7.5 - Missing Authorization to Authenticated (Susbcriber+) Widget ToggleEPSS 0.3%CVE-2024-53813MEDIUMWordPress WP Travel plugin <= 9.6.0 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-67563MEDIUMWordPress Post SMTP plugin <= 3.6.1 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-35552HIGHIn CAXperts UPVWebServices 2.4.2212.603 through 2.7.6 and UDiTH Portal 2026.0.0 through 2026.2.0, an authenticated remote user can invoke anEPSS 0.3%CVE-2025-59017MEDIUMBroken Access Control in Backend AJAX RoutesEPSS 0.3%CVE-2024-12244MEDIUMMissing Authorization in GitLabEPSS 0.3%CVE-2026-3462MEDIUMFrisbii Pay <= 1.8.9 - Missing Authorization to Authenticated (Subscriber+) Payment Token ModificationEPSS 0.3%CVE-2026-4019MEDIUMComplianz – GDPR/CCPA Cookie Consent <= 7.4.5 - Missing Authorization to Unauthenticated Private Post Content Disclosure via Consent Area REST EndpointEPSS 0.3%CVE-2025-40837HIGHEricsson Indoor Connect 8855 - Missing Authorization VulnerabilityEPSS 0.3%CVE-2024-9671MEDIUMSystem: pdf invoices of the developer users can be seen if the url is knownEPSS 0.3%CVE-2025-57605HIGHLack of server-side authorisation on department admin assignment APIs in AiKaan IoT Platform allows authenticated users to elevate their priEPSS 0.3%CVE-2026-3977MEDIUMprojectsend AJAX Endpoints authorizationEPSS 0.3%CVE-2024-5607MEDIUMGDPR CCPA Compliance & Cookie Consent Banner <= 2.7.0 - Missing Authorization to Settings Update and Stored Cross-Site ScriptingEPSS 0.3%