Fallos del tipo CWE-862

6960 resultados
CVE-2026-50026MEDIUMFrappe: Lack of permissions checks in 'relink' and 'set_email_password' endpointsEPSS 0.3%CVE-2024-42372MEDIUMMissing Authorization check in SAP NetWeaver AS Java (System Landscape Directory)EPSS 0.3%CVE-2026-6834HIGHaEnrich|a+HRD - Missing AuthorizationEPSS 0.3%CVE-2026-1906MEDIUMPDF Invoices & Packing Slips for WooCommerce <= 5.6.0 - Missing Authorization to Authenticated (Subscriber+) Peppol Identifier ModificationEPSS 0.3%CVE-2026-24575MEDIUMWordPress WishList Member X plugin <= 3.29.0 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-57622MEDIUMWordPress WPCafe plugin <= 3.0.14 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-3964MEDIUMwithstars Books-Management-System Article del cross-site request forgeryEPSS 0.3%CVE-2025-15235HIGHQuanta Computer|QOCA aim AI Medical Cloud Platform - Missing AuthorizationEPSS 0.3%CVE-2026-59227MEDIUMOpen WebUI: POST /api/v1/images/edit bypasses the global image-edit switch and the per-user image-generation permissionEPSS 0.3%CVE-2025-3979MEDIUMdazhouda lecms Password Change index.php cross-site request forgeryEPSS 0.3%CVE-2025-4571MEDIUMGiveWP – Donation Plugin and Fundraising Platform <= 4.3.0 - Missing Authorization To Authenticated (Contributor+) Campaign Data View And ModificationEPSS 0.3%CVE-2025-62944MEDIUMWordPress MSTW CSV EXPORTER plugin <= 1.4 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-22770MEDIUMWordPress Envo Multipurpose theme <= 1.1.6 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-3959MEDIUMwithstars Books-Management-System reader_delete.html cross-site request forgeryEPSS 0.3%CVE-2026-26741HIGHPX4 Autopilot versions 1.12.x through 1.15.x contain a logic flaw in the mode switching mechanism. When switching from Auto mode to Manual mEPSS 0.3%CVE-2023-22836LOWIn cases where a multi-tenant stack user is operating Foundry’s Linter service, and the user changes the linter name from the default value, the renamed value may be visible to the rest of the stack’s tenants.EPSS 0.3%CVE-2025-57936MEDIUMWordPress Subresource Integrity (SRI) Manager Plugin <= 0.4.0 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2025-31879MEDIUMWordPress Barcode Generator for WooCommerce plugin <= 2.0.4 - Settings Change vulnerabilityEPSS 0.3%CVE-2026-7368HIGHYarbo Android/iOS Mobile Application and Cloud Infrastructure Missing AuthorizationEPSS 0.3%CVE-2025-31878MEDIUMWordPress UPC/EAN/GTIN Code Generator plugin <= 2.0.2 - Settings Change vulnerabilityEPSS 0.3%