Fallos del tipo CWE-862
7019 resultadosCVE-2026-44734MEDIUMOpenProject: Improper Access Control on OpenProject through the POST request to /projects/[PROJECT_NAME]/cost_reports/[REPORT_ID]/renameEPSS 0.2%CVE-2025-58795MEDIUMWordPress Payoneer Checkout Plugin <= 3.4.0 - Content Spoofing VulnerabilityEPSS 0.2%CVE-2024-13715MEDIUMzStore Manager Basic <= 3.311 - Missing Authorization to Authenticated (Subscriber+) Cache ClearingEPSS 0.2%CVE-2025-0515MEDIUMBuzz Club – Night Club, DJ and Music Festival Event WordPress Theme <= 2.0.4 - Missing Authorization to Authenticated (Subscriber+) Limited Arbitrary Option UpdateEPSS 0.2%CVE-2026-2720MEDIUMHr Press Lite <= 1.0.2 - Missing Authorization to Authenticated (Subscriber+) Sensitive Employee Information ExposureEPSS 0.2%CVE-2026-57949HIGHruoyi-vue-pro - Missing Authorization in CRM Follow-up Record GET EndpointEPSS 0.2%CVE-2025-13404MEDIUMatec Duplicate Page & Post <= 1.2.20 - Missing Authorization to Authenticated (Contributor+) Arbitrary Post Duplication and Data ExposureEPSS 0.2%CVE-2026-48971MEDIUMWordPress Product Import Export for WooCommerce plugin <= 2.5.6 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-4105MEDIUMSplitit <= 4.2.8 - Missing Authorization to Multiple Administrative ActionsEPSS 0.2%CVE-2026-56695HIGHOpenHarness - Cross-Session Disclosure via /resume and /summary CommandsEPSS 0.2%CVE-2026-28424MEDIUMStatamic's missing authorization allows access to email addressesEPSS 0.2%CVE-2026-29072HIGHDiscourse missing permission check for policy creation in discourse-policyEPSS 0.2%CVE-2025-8739MEDIUMzhenfeng13 My-Blog save cross-site request forgeryEPSS 0.2%CVE-2025-54705MEDIUMWordPress WpEvently plugin <= 4.4.6 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-27357MEDIUMWordPress WP Search Analytics plugin < 1.5.0 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-27398MEDIUMWordPress RSVP and Event Management plugin <= 2.7.16 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-49822HIGHFission: Cross-namespace event leakage via KubernetesWatchTrigger allows persistent tenant surveillanceEPSS 0.2%CVE-2026-56668HIGHZITADEL: Unauthorized Token Privilege Escalation in OAuth2 Token ExchangeEPSS 0.2%CVE-2025-14067MEDIUMEasy Form Builder <= 3.9.3 - Missing Authorization to Authenticated (Subscriber+) Sensitive Form Response Data ExposureEPSS 0.2%CVE-2025-12898MEDIUMPretty Google Calendar <= 2.0.0 - Missing Authorization to Unauthenticated Google API Key ExposureEPSS 0.2%