Fallos del tipo CWE-862

7076 resultados
CVE-2025-12634MEDIUMRefund Request for WooCommerce <= 1.0 - Missing Authorization to Authenticated (Subscriber+) Refund Status UpdateEPSS 0.2%CVE-2025-22607MEDIUMCoolify Vulnerable to GitHub / GitLab OAuth Secrets LeakEPSS 0.2%CVE-2025-68535MEDIUMWordPress Sunshine Photo Cart plugin <= 3.5.7.1 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-49288MEDIUMStatamic CMS missing authorization on Control Panel fieldtype endpoints allows disclosure of restricted resourcesEPSS 0.2%CVE-2026-4202LOWBroken Access Control in extension "Redirect Tab"EPSS 0.2%CVE-2026-9824MEDIUMRemote cluster metadata enumeration via /share-channel autocompleteEPSS 0.2%CVE-2026-24353MEDIUMWordPress User Registration plugin <= 4.4.9 - Arbitrary Shortcode Execution vulnerabilityEPSS 0.2%CVE-2026-5624MEDIUMProjectSend upload.php cross-site request forgeryEPSS 0.2%CVE-2025-69333MEDIUMWordPress JetEngine plugin <= 3.8.1.1 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-66101MEDIUMWordPress CBX Bookmark & Favorite plugin <= 2.0.1 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-8194MEDIUMosTicket Dispatcher class.dispatcher.php cross-site request forgeryEPSS 0.2%CVE-2026-55838MEDIUMRustFS: Missing admin authorization on /rustfs/admin/v3/metrics allows any authenticated user to read server metricsEPSS 0.2%CVE-2026-5146MEDIUMImproper access control in the notification management endpoints in Devolutions Server allows an unauthenticated attacker to modify or deletEPSS 0.2%CVE-2026-24357MEDIUMWordPress WP Recipe Maker plugin <= 10.2.4 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-68523MEDIUMWordPress Spiffy Calendar plugin <= 5.0.7 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-69336MEDIUMWordPress Ultimate Store Kit Elementor Addons plugin <= 2.9.4 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-66096MEDIUMWordPress Table Block by Tableberg plugin <= 0.6.9 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-14350MEDIUMInformation disclosure via channel mentions in postsEPSS 0.2%CVE-2026-34766LOWElectron: USB device selection not validated against filtered device listEPSS 0.2%CVE-2026-49047MEDIUMWordPress DearFlip plugin <= 2.4.27 - Broken Access Control vulnerabilityEPSS 0.2%