Fallos del tipo CWE-862

7047 resultados
CVE-2024-47055MEDIUMSegment cloning doesn't have a proper permission checkEPSS 0.2%CVE-2026-23547HIGHWordPress CMSMasters Content Composer plugin <= 2.5.8 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-30929MEDIUMWordPress fluXtore plugin <= 1.6.0 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-62973MEDIUMWordPress BuddyForms plugin <= 2.9.0 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-59225MEDIUMOpen WebUI: Arena task endpoints can bypass underlying model access controlsEPSS 0.2%CVE-2025-54751HIGHWordPress PostX plugin <= 4.1.36 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2022-36404MEDIUMWordPress Simple SEO plugin <= 1.8.12 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-29012MEDIUMWordPress CF7 7 Mailchimp Add-on plugin < 2.4 - Broken Access Control VulnerabilityEPSS 0.2%CVE-2026-49378MEDIUMIn JetBrains TeamCity before 2026.1 credentials parameters were exposed via parameter autocompletionEPSS 0.2%CVE-2026-2301MEDIUMPost Duplicator <= 3.0.8 - Missing Authorization to Authenticated (Contributor+) Protected Post Meta Insertion via 'customMetaData' ParameterEPSS 0.2%CVE-2025-15405MEDIUMPHPEMS cross-site request forgeryEPSS 0.2%CVE-2025-49872MEDIUMWordPress myCred plugin <= 2.9.4.2 - Broken Access Control VulnerabilityEPSS 0.2%CVE-2025-48260MEDIUMWordPress GDPR CCPA Compliance Support plugin <= 2.7.3 - Broken Access Control VulnerabilityEPSS 0.2%CVE-2025-1055MEDIUMK7 Security Anti-Malware: IOCTL in K7RKScan.sys Allows Arbitrary Termination of High-Privilege and System Processes by a Low-Privilege UserEPSS 0.2%CVE-2025-10305MEDIUMSecure Passkeys <= 1.2.1 - Missing Authorization to Authenticated (Subscriber+) Passkey Exposure and DeletionEPSS 0.2%CVE-2025-5919MEDIUMAppointment Booking and Scheduling Calendar Plugin – WP Timetics <= 1.0.36 - Missing Authorization to Unauthenticated Booking Details View And ModificationEPSS 0.2%CVE-2026-5356HIGHLatePoint - Calendar Booking Plugin for Appointments and Events <= 5.4.0 - Unauthenticated Stripe PaymentIntent Amount-Binding BypassEPSS 0.2%CVE-2025-64294MEDIUMWordPress WP Snow Effect plugin <= 1.1.19 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-4881MEDIUMIn affected versions of Octopus Server, permissions were not checked correctly resulting in any authenticated user being able to make serverEPSS 0.2%CVE-2023-25445MEDIUMWordPress HappyFiles Pro plugin <= 1.8.1 - Broken Access Control vulnerabilityEPSS 0.2%