Fallos del tipo CWE-862

6730 resultados

CVE-2022-1442HIGHMetform Elementor Contact Form Builder <= 2.1.3 - Sensitive Information DisclosureEPSS 9.1%CVE-2022-1903—ARMember < 3.4.8 - Unauthenticated Admin Account TakeoverEPSS 8.5%CVE-2015-20067—WP Attachment Export < 0.2.4 - Unauthenticated Posts DownloadEPSS 8.2%CVE-2021-25032—PublishPress Capabilities < 2.3.1 - Unauthenticated Arbitrary Options Update to Blog CompromiseEPSS 6.7%CVE-2021-30713HIGHA permissions issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.4. A malicious application may be able tEPSS 6.6%KEV CVE-2026-0628HIGHInsufficient policy enforcement in WebView tag in Google Chrome prior to 143.0.7499.192 allowed an attacker who convinced a user to install EPSS 6.5%CVE-2025-5121HIGHMissing Authorization in GitLabEPSS 6.5%CVE-2023-32117CRITICALWordPress Integrate Google Drive plugin <= 1.1.99 - Unauthenticated Broken Access Control vulnerabilityEPSS 6.3%CVE-2022-3124—Frontend File Manager < 21.3 - Unauthenticated File RenamingEPSS 6.2%CVE-2026-33484HIGHLangflow has Unauthenticated IDOR on Image DownloadsEPSS 5.8%CVE-2025-9133HIGHA missing authorization vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series firmware versions fromEPSS 5.5%CVE-2025-59474MEDIUMJenkins 2.527 and earlier, LTS 2.516.2 and earlier does not perform a permission check in the sidepanel of a page intentionally accessible tEPSS 4.7%CVE-2019-25141CRITICALEasy WP SMTP <= 1.3.9 - Missing Authorization to Arbitrary Options UpdateEPSS 4.5%CVE-2023-5612MEDIUMMissing Authorization in GitLabEPSS 4.4%CVE-2023-6038CRITICALLocal File Inclusion in h2oai/h2o-3EPSS 4.3%CVE-2020-36719CRITICALListingPro - WordPress Directory & Listing Theme < 2.6.1 - Arbitrary Plugin Installation, Activation and DeactivationEPSS 4.3%CVE-2022-0236HIGHWP Import Export (Lite) <= 3.9.15 Unauthenticated Sensitive Data DisclosureEPSS 4.3%CVE-2024-43045MEDIUMJenkins 2.470 and earlier, LTS 2.452.3 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/EPSS 4.3%CVE-2024-4898CRITICALInstaWP Connect – 1-click WP Staging & Migration <= 0.1.0.38 - Missing Authorization to Unauthenticated API setup/Arbitrary Options Update/Administrative User CreationEPSS 4.2%CVE-2019-18581CRITICALDell EMC Data Protection Advisor versions 6.3, 6.4, 6.5, 18.2 versions prior to patch 83, and 19.1 versions prior to patch 71 contain a servEPSS 3.9%

← anteriorpágina 3 / 337siguiente →