CWE-862 vulnerabilities

6730 results
CVE-2021-39236: Owners of the S3 tokens are not validated (EPSS 2.5%)
CVE-2024-0324 (HIGH): User Profile Builder <= 3.10.8 - Missing Authorization to Plugin Settings Change via wppb_two_factor_authentication_settings_update (EPSS 2.4%)
CVE-2022-27480: A vulnerability has been identified in SICAM A8000 CP-8031 (All versions < V4.80), SICAM A8000 CP-8050 (All versions < V4.80). Affected devi (EPSS 2.4%)
CVE-2024-2771 (CRITICAL): Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.16 - Missing Authorization to Settings Update and Limited Privilege Escalation (EPSS 2.3%)
CVE-2024-10783 (HIGH): MainWP Child <= 5.3.3 - Missing Authorization to Unauthenticated Privilege Escalation (EPSS 2.3%)
CVE-2021-39231: Missing authentication/authorization on internal RPC endpoints (EPSS 2.3%)
CVE-2020-36730 (HIGH): CMP <= 3.8.1 - Missing Authorization (EPSS 2.3%)
CVE-2021-21327 (MEDIUM): Unsafe Reflection in getItemForItemtype() (EPSS 2.3%)
CVE-2020-22007 (MEDIUM): OS Command Injection vulnerability in OKER G955V1 v1.03.02.20161128, allows physical attackers to interrupt the boot sequence and execute ar (EPSS 2.3%)
CVE-2025-2075 (HIGH): Uncanny Automator <= 6.3.0.2 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation (EPSS 2.2%)
CVE-2020-28215: A CWE-862: Missing Authorization vulnerability exists in Easergy T300 (firmware 2.7 and older), that could cause a wide range of problems, i (EPSS 2.2%)
CVE-2022-2846 (MEDIUM): Calendar Event Multi View < 1.4.07 - Unauthenticated Arbitrary Event Creation to Stored XSS (EPSS 2.2%)
CVE-2022-4939 (CRITICAL): WCFM Membership <= 2.10.0 - Unauthenticated Privilege Escalation (EPSS 2.1%)
CVE-2024-10586 (CRITICAL): Debug Tool <= 2.2 - Unauthenticated Arbitrary File Creation (EPSS 2.1%)
CVE-2024-9161 (MEDIUM): Rank Math SEO – AI SEO Tools to Dominate SEO Rankings <= 1.0.228 - Missing Authorization to Unauthenticated User and Term Metadata Insert, Update, and Delete (EPSS 2.0%)
CVE-2023-0291 (HIGH): Quiz And Survey Master <= 8.0.8 - Unauthenticated Arbitrary Media Deletion (EPSS 2.0%)
CVE-2021-47812 (CRITICAL): GravCMS 1.10.7 - Arbitrary YAML Write/Update (Unauthenticated) (2) (EPSS 2.0%)
CVE-2026-41679 (CRITICAL): Paperclip Vulnerable to Unauthenticated Remote Code Execution via Import Authorization Bypass (EPSS 2.0%)
CVE-2024-50417 (MEDIUM): WordPress Bold Page Builder plugin <= 5.1.3 - Broken Access Control vulnerability (EPSS 1.9%)
CVE-2025-40602 (MEDIUM): A local privilege escalation vulnerability due to insufficient authorization in the SonicWall SMA1000 appliance management console (AMC). (EPSS 1.9%, KEV)