Fallos del tipo CWE-862
7076 resultadosCVE-2025-14817MEDIUMFactory Mode App Exists Privilege Escalation Issue Allowing Third-Party Apps to Open ADBEPSS 0.2%CVE-2025-68522MEDIUMWordPress WpStream plugin <= 4.9.5 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-32391MEDIUMWordPress SmartFix theme < 1.2.4 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-64229MEDIUMWordPress Client Invoicing by Sprout Invoices plugin <= 20.8.7 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-60119MEDIUMHi.Events < 1.11.0 XSS via Event Title JSON.stringify InjectionEPSS 0.2%CVE-2026-25019MEDIUMWordPress Atarim plugin <= 4.3.1 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-68581MEDIUMWordPress YITH Slider for page builders plugin <= 1.0.11 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-1217MEDIUMYoast Duplicate Post <= 4.5 - Authenticated (Contributor+) Missing Authorization to Arbitrary Post Duplication and OverwriteEPSS 0.2%CVE-2025-66108MEDIUMWordPress TNC Toolbox: Web Performance plugin <= 2.0.4 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-43341HIGHA permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.8, macOS Tahoe 26. An app may be ableEPSS 0.2%CVE-2026-27393MEDIUMWordPress CF7 WOW Styler plugin <= 1.7.6 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-64729HIGHAVEVA Process Optimization Missing AuthorizationEPSS 0.2%CVE-2025-66105MEDIUMWordPress Bus Ticket Booking with Seat Reservation plugin < 5.6.8 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-42541MEDIUMKubewarden: RBAC Reconnaissance via unchecked can_i host capability callEPSS 0.2%CVE-2026-57952MEDIUMMythic < 3.4.0.60 - Unauthorized C2 Profile Configuration Access via Unverified Payload UUIDEPSS 0.2%CVE-2025-62888MEDIUMWordPress WP Attachments plugin <= 5.2 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-62091MEDIUMWordPress Serial Codes Generator and Validator with WooCommerce Support plugin <= 2.8.2 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-10085MEDIUMOrdinary group/direct message member can enable group_constrained and remove all channel participantsEPSS 0.2%CVE-2026-45210MEDIUMWordPress Broadstreet Ads plugin <= 1.52.2 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-61968MEDIUMWordPress myCred plugin <= 3.1.2 - Broken Access Control vulnerabilityEPSS 0.2%