Fallos del tipo CWE-862

7075 resultados
CVE-2026-23683MEDIUMMissing Authorization check in SAP Fiori App (Intercompany Balance Reconciliation)EPSS 0.2%CVE-2025-66160MEDIUMWordPress Select Graphist for Elementor Graphist for Elementor plugin <= 1.2.10 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-62073MEDIUMWordPress MeetingHub plugin <= 1.23.9 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2022-36836MEDIUMUnprotected provider vulnerability in Charm by Samsung prior to version 1.2.3 allows attackers to read connection state without permission.EPSS 0.2%CVE-2026-4109MEDIUMEventin – Events Calendar, Event Booking, Ticket & Registration (AI Powered) <= 4.1.8 Missing Authorization to Authenticated (Subscriber+) Order Information ExposureEPSS 0.2%CVE-2025-3527MEDIUMEventON - WordPress Virtual Event Calendar Plugin <= 4.9.6 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site ScriptingEPSS 0.2%CVE-2025-64274MEDIUMWordPress WPKoi Templates for Elementor plugin <= 3.4.4 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-11448MEDIUMGallery Plugin for WordPress – Envira Photo Gallery <= 1.11.0 - Missing Authorization to Authenticated (Contributor+) Gallery ConversionEPSS 0.2%CVE-2026-56063HIGHWordPress MailChimp Block plugin <= 1.1.15 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-64378HIGHWordPress ListingPro theme < 2.9.10 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-12665MEDIUMNinja Countdown <= 1.5.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Countdown DeletionEPSS 0.2%CVE-2025-46258MEDIUMWordPress Element Pack Pro Plugin < 8.0.0 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-11172MEDIUMCheck Plagiarism <= 2.0 - Missing Authorization to Authenticated (Subscriber+) Settings UpdateEPSS 0.2%CVE-2023-20909MEDIUMIn multiple functions of RunningTasks.java, there is a possible privilege escalation due to a missing privilege check. This could lead to loEPSS 0.2%CVE-2025-69189HIGHWordPress JobBank plugin <= 1.2.3 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-42675HIGHWordPress Hydra Booking plugin <= 1.1.41 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2024-40839LOWThis issue was addressed through improved state management. This issue is fixed in iOS 17.5 and iPadOS 17.5. An attacker with physical accesEPSS 0.2%CVE-2025-12563MEDIUMBlog2Social: Social Media Auto Post & Scheduler <= 8.6.0 - Incorrect Authorization to Video File UploadEPSS 0.2%CVE-2026-57300MEDIUMA missing permission check in Jenkins MCP Server Plugin 0.177.v629fdb_2557fe and earlier allows attackers with Item/Read permission to read EPSS 0.2%CVE-2025-12582MEDIUMFeatures <= 0.0.2 - Missing Authorization to Authenticated (Subscriber+) Option ResetEPSS 0.2%