Fallos del tipo CWE-862
7075 resultadosCVE-2026-40763MEDIUMWordPress Royal Elementor Addons plugin <= 1.7.1056 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-13136MEDIUMGSheetConnector For Ninja Forms <= 2.0.1 - Missing Authorization to Authenticated (Subscriber+) System Information ExposureEPSS 0.2%CVE-2026-42753HIGHWordPress WCFM Membership plugin <= 2.11.10 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-12113MEDIUMAlt Text Generator AI – Auto Generate & Bulk Update Alt Texts For Images <= 1.8.3 - Missing Authorization to Authenticated (Subscriber+) API Key DeletionEPSS 0.2%CVE-2025-43286HIGHA permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26EPSS 0.2%CVE-2026-47728MEDIUMBugsink: Project scoping missing in sourcemap and debug-file lookupEPSS 0.2%CVE-2026-39401MEDIUMPrivilege Escalation via update_event Job Output in CronicleEPSS 0.2%CVE-2025-11448MEDIUMGallery Plugin for WordPress – Envira Photo Gallery <= 1.11.0 - Missing Authorization to Authenticated (Contributor+) Gallery ConversionEPSS 0.2%CVE-2026-33290MEDIUMWPGraphQL Repo's updateComment allows low-privileged authenticated users to change comment moderation status (comment_approved) without moderate_comments permissionEPSS 0.2%CVE-2026-1254MEDIUMModula Image Gallery – Photo Grid & Video Gallery <= 2.13.6 - Missing Authorization to Authenticated (Contributor+) Arbitrary Post/Page EditingEPSS 0.2%CVE-2026-57921MEDIUMIn JetBrains YouTrack before 2026.2.16593 improper access control allowed reading users' private data via the comment templates endpointEPSS 0.2%CVE-2025-43331MEDIUMA downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in macOS Tahoe 26. An app may be able to acceEPSS 0.2%CVE-2026-44794MEDIUMNautobot: REST API permits creation of GenericForeignKey references to objects that the user should not be able to referenceEPSS 0.2%CVE-2026-3638MEDIUMImproper access control in user and role restore API endpoints in Devolutions Server 2025.3.11.0 and earlier allows a low-privileged authentEPSS 0.2%CVE-2024-14032HIGHTwitch Studio LauncherHelper XPC Missing Authorization to Root File WriteEPSS 0.2%CVE-2024-54020LOWA missing authorization in Fortinet FortiManager versions 7.2.0 through 7.2.1, and versions 7.0.0 through 7.0.7 may allow an authenticated aEPSS 0.2%CVE-2022-42479MEDIUMWordPress Soledad premium theme <= 8.2.5 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-64219MEDIUMWordPress Business Directory plugin <= 6.4.18 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2024-8042LOWRapid7 Insight Platform Unauthorized Empty Group CreationEPSS 0.2%CVE-2026-24190HIGHNVIDIA Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a user could cause improper access to GEPSS 0.2%