Fallos del tipo CWE-862
7018 resultadosCVE-2020-10746—A flaw was found in Infinispan (org.infinispan:infinispan-server-runtime) version 10, where it permits local access to controls via both RESEPSS 0.2%CVE-2025-12093MEDIUMVoidek Employee Portal <= 1.0.7 - Missing AuthorizationEPSS 0.2%CVE-2025-48150MEDIUMWordPress Real Estate Property 2024 Create Your Own Fields and Search Bar WP Plugin plugin <= 4.48 - Broken Access Control VulnerabilityEPSS 0.2%CVE-2025-62071MEDIUMWordPress Social proof testimonials and reviews by Repuso plugin <= 5.29 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-12362MEDIUMmyCred – Points Management System For Gamification, Ranks, Badges, and Loyalty Program <= 2.9.7 - Missing Authorization to Unauthenticated Withdrawal Request ApprovalEPSS 0.2%CVE-2026-56213MEDIUMCapgo - Unauthenticated Cross-Tenant Metrics Poisoning via upsert_version_meta RPCEPSS 0.2%CVE-2025-64251MEDIUMWordPress Ultimate Learning Pro plugin <= 3.9.3 - Arbitrary Content Deletion vulnerabilityEPSS 0.2%CVE-2026-33934MEDIUMOpenEMR's Missing Authorization in show-signature.php Allows Portal Patients to Read Staff SignaturesEPSS 0.2%CVE-2026-32489MEDIUMWordPress B Blocks plugin < 2.0.30 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-24534MEDIUMWordPress Booter plugin <= 1.5.7 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-53730HIGHDataEase: Unauthorized Access to Engine Database via previewSql EndpointEPSS 0.2%CVE-2025-1528MEDIUMSearch and filter pro <= 2.5.19 - Missing Authorization to Authenticated (Subscriber+) Post Meta ExposureEPSS 0.2%CVE-2025-49339MEDIUMWordPress Direct Payments WP plugin <= 1.3.2 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-3863MEDIUMPost Carousel Slider for Elementor <= 1.6.0 - Authenticated (Subscriber+) Missing Authorization via process_wbelps_promo_form FunctionEPSS 0.2%CVE-2025-49971MEDIUMWordPress eDS Responsive Menu plugin <= 1.2 - Broken Access Control VulnerabilityEPSS 0.2%CVE-2026-32658HIGHDell Automation Platform versions prior to 2.0.0.0, contains a missing authorization vulnerability. A low privileged attacker with remote acEPSS 0.2%CVE-2025-11370MEDIUMDepicter <= 4.0.7 - Missing Authorization to Unauthenticated Display Rule UpdatesEPSS 0.2%CVE-2025-66080MEDIUMWordPress WP Cookie Notice for GDPR, CCPA & ePrivacy Consent plugin <= 4.0.3 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-14272HIGHRockwell Automation FactoryTalk Analytics PavilionXEPSS 0.2%CVE-2026-59853MEDIUMSiYuan: Publish-mode Reader can exfiltrate private saved-search Criteria via /api/storage/getCriteria (missing publish-access filter)EPSS 0.2%