Fallos del tipo CWE-862

6960 resultados
CVE-2026-49291HIGHmcp-memory-service: OAuth read-only clients can write and delete memories through MCP tools/callEPSS 0.3%CVE-2026-24529MEDIUMWordPress Quick Restaurant Reservations plugin <= 1.6.7 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-39591MEDIUMMissing Authorization check in SAP Document BuilderEPSS 0.3%CVE-2024-6754MEDIUMSocial Auto Poster <= 5.3.14 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Meta Update via wpw_auto_poster_update_tweet_templateEPSS 0.3%CVE-2023-40209MEDIUMWordPress Highcompress Image Compressor plugin <= 6.0.0 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-32045MEDIUMMoodle: hidden grades shown to users without permission on some grade reportsEPSS 0.3%CVE-2025-53959HIGHIn JetBrains YouTrack before 2025.2.86069, 2024.3.85077, 2025.1.86199 email spoofing via an administrative API was possibleEPSS 0.3%CVE-2026-58176HIGHRuoYi-Vue-Plus - Missing Authorization on Workflow Task Management EndpointsEPSS 0.3%CVE-2025-48133MEDIUMWordPress Uncanny Automator plugin <= 6.4.0.2 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2025-49394HIGHWordPress Image Gallery block – Create and display photo gallery/photo album. plugin <= 1.0.7 - Broken Authentication vulnerabilityEPSS 0.3%CVE-2025-9484MEDIUMMissing Authorization in GitLabEPSS 0.3%CVE-2026-42763MEDIUMWordPress SePay Gateway plugin <= 1.1.20 - Sensitive Data Exposure vulnerabilityEPSS 0.3%CVE-2025-10008MEDIUMTranslate WordPress and go Multilingual – Weglot <= 5.1 - Missing Authorization to Unauthenticated Limited Transient DeletionEPSS 0.3%CVE-2026-6512CRITICALInfusedWoo Pro <= 5.1.2 - Unauthenticated Missing Authorization to Arbitrary Post Deletion via Multiple ParametersEPSS 0.3%CVE-2025-3150MEDIUMitning Student Homework Management System cross-site request forgeryEPSS 0.3%CVE-2022-3451MEDIUMProduct Stock Manager < 1.0.5 - Subscriber+ Unauthorised AJAX CallsEPSS 0.3%CVE-2026-21836MEDIUMHCL DominoIQ is affected by broken access controlEPSS 0.3%CVE-2025-66402HIGHmisskey.js's export data contains private post dataEPSS 0.3%CVE-2024-5987MEDIUMWP Accessibility Helper <= 0.6.2.8 - Missing Authorization to Authenticated (Subscriber+) Limited Settings UpdateEPSS 0.3%CVE-2025-22740MEDIUMWordPress Sensei LMS plugin <= 4.24.4 - Broken Access Control vulnerabilityEPSS 0.3%