Fallos del tipo CWE-862

7021 resultados
CVE-2026-45244LOWSummarize < 0.15.1 Unapproved Browser Automation ExecutionEPSS 0.2%CVE-2025-66083MEDIUMWordPress WpEvently plugin <= 5.0.4 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-28380MEDIUMBAC in Snapshot API allows deletion of unauthorized dashboard snapshotsEPSS 0.2%CVE-2026-33915MEDIUMOpenEMR Missing ACL Checks on Insurance Company API RoutesEPSS 0.2%CVE-2025-14948MEDIUMminiOrange OTP Verification and SMS Notification for WooCommerce <= 4.3.8 - Missing Authorization to Unauthenticated Notification Settings ModificationEPSS 0.2%CVE-2025-13529MEDIUMUnify <= 3.4.9 - Missing Authorization to Unauthenticated Option Deletion via 'unify_plugin_downgrade' ParameterEPSS 0.2%CVE-2025-14061MEDIUMCookie Banner, Cookie Consent, Consent Log, Cookie Scanner, Script Blocker (for GDPR, CCPA & ePrivacy) : WP Cookie Consent <= 4.0.7 - Missing Authorization to Unauthenticated Arbitrary Post DeletionEPSS 0.2%CVE-2026-9237MEDIUMEmployee, Leave and Recruitment Management System <= 1.2.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Job Deletion via crewhrm_singleJobAction AJAX ActionEPSS 0.2%CVE-2025-47565MEDIUMWordPress EventON plugin <= 4.9.9 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-66077MEDIUMWordPress Legal Pages plugin <= 1.4.6 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-49974MEDIUMWordPress UpStream: a Project Management Plugin for WordPress plugin <= 2.1.1 - Broken Access Control VulnerabilityEPSS 0.2%CVE-2025-49982MEDIUMWordPress WP Customer Area plugin <= 8.3.4 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-64139MEDIUMA missing permission check in Jenkins Start Windocks Containers Plugin 1.4 and earlier allows attackers with Overall/Read permission to connEPSS 0.2%CVE-2025-5812MEDIUMVG WORT METIS <= 2.0.0 - Missing Authorization to Authenticated (Subscriber+) Limited Settings UpdateEPSS 0.2%CVE-2026-9172MEDIUMDevs Accounting <= 1.2.0 - Missing Authorization to Unauthenticated Account Deletion via /delete-account/ REST EndpointEPSS 0.2%CVE-2025-8488MEDIUMUltimate Addons for Elementor (Formerly Elementor Header & Footer Builder) <= 2.4.6 - Missing Authorization to Authenticated (Subscriber+) Limited Settings UpdateEPSS 0.2%CVE-2025-64142MEDIUMA missing permission check in Jenkins Nexus Task Runner Plugin 0.9.2 and earlier allows attackers with Overall/Read permission to connect toEPSS 0.2%CVE-2025-14755MEDIUMCost Calculator Builder <= 4.0.1 - Unauthenticated Price Manipulation and Insecure Direct Object ReferenceEPSS 0.2%CVE-2025-64369MEDIUMWordPress Contact Form Email plugin <= 1.3.58 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-8778MEDIUMNitroPack <= 1.18.4 - Missing Authorization to Authenticated (Subscriber+) Limited Settings Update via nitropack_set_compression_ajax FunctionEPSS 0.2%