Fallos del tipo CWE-862

7048 resultados
CVE-2026-4881MEDIUMIn affected versions of Octopus Server, permissions were not checked correctly resulting in any authenticated user being able to make serverEPSS 0.2%CVE-2026-5356HIGHLatePoint - Calendar Booking Plugin for Appointments and Events <= 5.4.0 - Unauthenticated Stripe PaymentIntent Amount-Binding BypassEPSS 0.2%CVE-2026-39595MEDIUMWordPress W3 Total Cache plugin <= 2.9.1 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-64294MEDIUMWordPress WP Snow Effect plugin <= 1.1.19 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2023-25445MEDIUMWordPress HappyFiles Pro plugin <= 1.8.1 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-5919MEDIUMAppointment Booking and Scheduling Calendar Plugin – WP Timetics <= 1.0.36 - Missing Authorization to Unauthenticated Booking Details View And ModificationEPSS 0.2%CVE-2025-3997MEDIUMdazhouda lecms Personal Information Page index.php cross-site request forgeryEPSS 0.2%CVE-2025-50039MEDIUMWordPress VG WORT METIS plugin <= 2.0.1 - Broken Access Control VulnerabilityEPSS 0.2%CVE-2025-58635MEDIUMWordPress Support Genix Plugin <= 1.4.23 - Broken Access Control VulnerabilityEPSS 0.2%CVE-2026-25391MEDIUMWordPress WP Wand plugin <= 1.3.07 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-40185HIGHMissing Authorization on Immich Trip Photo Routes in TREKEPSS 0.2%CVE-2026-0929MEDIUMRegistrationMagic < 6.0.7.2 - Subscriber+ Form CreationEPSS 0.2%CVE-2026-33708MEDIUMChamilo LMS has REST API PII Exposure via get_user_info_from_usernameEPSS 0.2%CVE-2025-62098MEDIUMWordPress Portfolio Gallery plugin <= 1.4.8 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-10583LOWWP Fastest Cache Premium <= 1.7.4 - Missing Authorization to Authenticated (Subscriber+) Blind Server-Side Request ForgeryEPSS 0.2%CVE-2025-50032MEDIUMWordPress Paytiko for WooCommerce plugin <= 1.3.21 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-2312MEDIUMMedia Library Folders <= 8.3.6 - Insecure Direct Object Reference to Authenticated (Author+) Arbitrary Attachment Deletion and RenameEPSS 0.2%CVE-2026-24313MEDIUMMissing Authorization check in SAP Solution Tools Plug-In (ST-PI)EPSS 0.2%CVE-2026-25327MEDIUMWordPress Five Star Restaurant Reservations plugin <= 2.7.9 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-12411HIGHBroken Access Control in Canonical LXD DevLXD APIEPSS 0.2%