Fallos del tipo CWE-862
7045 resultadosCVE-2026-56402HIGHNanoClaw < 2.1.17 - Privilege Escalation via Unverified Approval Response HandlerEPSS 0.2%CVE-2026-11364MEDIUMProduct Specifications for Woocommerce <= 0.8.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Attribute/Group Creation, Modification, and Deletion via 'dwps_modify_groups' and 'dwps_modify_attributes' AJAX ActionsEPSS 0.2%CVE-2025-12778MEDIUMUltimate Member Widgets for Elementor <= 2.3 - Missing Authorization to Unauthenticated Information ExposureEPSS 0.2%CVE-2026-53438MEDIUMA missing permission check in Jenkins 2.567 and earlier, LTS 2.555.2 and earlier allows attackers with Item/Cancel permission, but lacking IEPSS 0.2%CVE-2026-49385MEDIUMIn JetBrains YouTrack before 2026.1.13570 improper access control allowed low-privileged users to modify service accountsEPSS 0.2%CVE-2025-63039MEDIUMWordPress ListingPro theme <= 2.9.9 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-25372MEDIUMWordPress Academy LMS plugin <= 3.5.3 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-14540MEDIUMUserback <= 1.0.15 - Missing Authorization to Authenticated (Subscriber+) Plugin's Configuration ExposureEPSS 0.2%CVE-2026-1948MEDIUMNEX-Forms – Ultimate Forms Plugin for WordPress <= 9.1.9 - Missing Authorization to Authenticated (Subscriber+) License Deactivation via deactivate_licenseEPSS 0.2%CVE-2024-23230MEDIUMThis issue was addressed with improved file handling. This issue is fixed in macOS Monterey 12.7.4, macOS Sonoma 14.4, macOS Ventura 13.6.5.EPSS 0.2%CVE-2025-29756HIGHMQTT implementation in Sungrow iSolarCloud allowed users to subscribe to all data of all connected invertersEPSS 0.2%CVE-2026-33305MEDIUMOpenEMR has Authorization Bypass in FaxSMS AppDispatch ConstructorEPSS 0.2%CVE-2025-25081MEDIUMWordPress Embed RSS plugin <= 3.1 - Arbitrary Shortcode Execution vulnerabilityEPSS 0.2%CVE-2026-1153MEDIUMtechnical-laohu mpay cross-site request forgeryEPSS 0.2%CVE-2026-25806MEDIUMPlaciPy has Missing Authorization Checks on Student Management Endpoints (IDOR)EPSS 0.2%CVE-2025-12481MEDIUMWP Duplicate Page <= 1.7 - Missing Authorization to Authenticated (Contributor+) Sensitive Information DisclosureEPSS 0.2%CVE-2026-57419MEDIUMWordPress Stock Locations for WooCommerce plugin <= 3.1.8 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-49872MEDIUMWordPress myCred plugin <= 2.9.4.2 - Broken Access Control VulnerabilityEPSS 0.2%CVE-2026-49378MEDIUMIn JetBrains TeamCity before 2026.1 credentials parameters were exposed via parameter autocompletionEPSS 0.2%CVE-2026-23547HIGHWordPress CMSMasters Content Composer plugin <= 2.5.8 - Broken Access Control vulnerabilityEPSS 0.2%