Fallos del tipo CWE-862

7039 resultados
CVE-2026-10779MEDIUMClassified Listing <= 5.4.2 - Missing Authorization to Authenticated (Subscriber+) Feature Modification via Multiple AJAX Handlers ('listingId'/'id' Parameters)EPSS 0.2%CVE-2025-64254LOWWordPress Photo Block plugin <= 1.5.1 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-57649MEDIUMWordPress Shoppable Images Lite plugin <= 1.3 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-67737LOWAzuraCast Vulnerable to Pre-Auth File Deletion & Admin RCEEPSS 0.2%CVE-2026-49054MEDIUMWordPress The Post Grid plugin <= 7.9.2 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-53634MEDIUMSharp: Missing Authorization Check in Quick Creation Command EndpointsEPSS 0.2%CVE-2025-43311MEDIUMThis issue was addressed with additional entitlement checks. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. AEPSS 0.2%CVE-2025-25241MEDIUMMissing Authorization check in SAP Fiori Apps Reference Library (My Overtime Requests)EPSS 0.2%CVE-2025-64370MEDIUMWordPress YOP Poll plugin <= 6.5.38 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-54840HIGHWordPress Newsletters plugin <= 4.13 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-48167MEDIUMWordPress Chatbox Manager plugin <= 1.2.5 - Broken Access Control VulnerabilityEPSS 0.2%CVE-2026-34261MEDIUMMissing Authorization check in SAP Business Analytics and SAP Content ManagementEPSS 0.2%CVE-2026-1003MEDIUMGetGenie – AI Content Writer with Keyword Research & SEO Tracking Tools <= 4.3.0 - Missing Authorization to Authenticated (Author+) Arbitrary Post DeletionEPSS 0.2%CVE-2026-45085MEDIUMDiscourse: Chat misauthorization and information disclosureEPSS 0.2%CVE-2022-46845MEDIUMWordPress Slider a SlidersPack plugin <= 2.0.2 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-49385MEDIUMIn JetBrains YouTrack before 2026.1.13570 improper access control allowed low-privileged users to modify service accountsEPSS 0.2%CVE-2026-49045MEDIUMWordPress Adminimize plugin <= 1.11.11 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-11364MEDIUMProduct Specifications for Woocommerce <= 0.8.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Attribute/Group Creation, Modification, and Deletion via 'dwps_modify_groups' and 'dwps_modify_attributes' AJAX ActionsEPSS 0.2%CVE-2026-53438MEDIUMA missing permission check in Jenkins 2.567 and earlier, LTS 2.555.2 and earlier allows attackers with Item/Cancel permission, but lacking IEPSS 0.2%CVE-2026-34050MEDIUMCoolify Settings/Updates Livewire component missing instance administrator authorizationEPSS 0.2%