Fallos del tipo CWE-862
7077 resultadosCVE-2025-15476MEDIUMThe Bucketlister <= 0.1.5 - Missing Authorization to Authenticated (Subscriber+) Bucket List ModificationEPSS 0.2%CVE-2026-6589MEDIUMComfyUI server.py create_origin_only_middleware cross-site request forgeryEPSS 0.2%CVE-2025-12640MEDIUMFolders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager <= 3.1.5 - Missing Authorization to Authenticated (Author+) Media ReplacementEPSS 0.2%CVE-2025-12061HIGHTax Service Electronic HDM < 1.2.1 - Unauthenticated Arbitrary SQL ExecutionEPSS 0.2%CVE-2026-44592CRITICALGradient: Unauthenticated worker on /proto → arbitrary NAR write / cache poisoningEPSS 0.2%CVE-2023-44214MEDIUMSensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) beEPSS 0.2%CVE-2025-41231HIGHVMware Cloud Foundation Missing Authorisation VulnerabilityEPSS 0.2%CVE-2025-66087MEDIUMWordPress PropertyHive plugin <= 2.1.12 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-66106MEDIUMWordPress Featured Post Creative plugin <= 1.5.5 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-27091MEDIUMWordPress UiPress lite plugin <= 3.5.09 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-14573LOWTeam Admin Bypass of Invite Permissions via allow_open_invite FieldEPSS 0.2%CVE-2025-66084MEDIUMWordPress FluentCommunity plugin <= 2.0.0 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2023-45240MEDIUMSensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) beEPSS 0.2%CVE-2022-20511MEDIUMIn getNearbyAppStreamingPolicy of DevicePolicyManagerService.java, there is a missing permission check. This could lead to local informationEPSS 0.2%CVE-2026-27331MEDIUMWordPress WpTravelly plugin <= 2.1.5 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-39700MEDIUMWordPress WowOptin plugin <= 1.4.32 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-39694MEDIUMWordPress Simply Schedule Appointments plugin <= 1.6.10.2 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-39698MEDIUMWordPress The Publisher Desk ads.txt plugin <= 1.5.0 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2022-20522HIGHIn getSlice of ProviderModelSlice.java, there is a missing permission check. This could lead to local escalation of privilege from the guestEPSS 0.2%CVE-2024-8272HIGHmacOS Universal Audio (UAConnect) <= 2.7.0 - Local Privilege EscalationEPSS 0.2%