Vulnerabilities of type CWE-862

6811 results
| CVE | Severity | Title | EPSS |
| --- | --- | --- | --- |
| CVE-2024-10330 | MEDIUM | Improper Access Control in lunary-ai/lunary | 0.5% |
| CVE-2024-42434 | MEDIUM | Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers - Missing Authorization | 0.5% |
| CVE-2024-4428 | MEDIUM | Sensetive Data Exposure in Menulux Managment Portal | 0.5% |
| CVE-2024-12006 | MEDIUM | W3 Total Cache <= 2.8.1 Missing Authorization to Unauthenticated Plugin Deactivation and Extensions Activation/Deactivation | 0.5% |
| CVE-2025-26368 | HIGH | A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an auth | 0.5% |
| CVE-2023-36510 | HIGH | WordPress ReDi Restaurant Reservation plugin <= 23.0211 - Broken Access Control vulnerability | 0.5% |
| CVE-2024-37470 | HIGH | WordPress Woffice Core plugin <= 5.4.8 - Unauthenticated Broken Access Control vulnerability | 0.5% |
| CVE-2024-39823 | MEDIUM | Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers - Missing Authorization | 0.5% |
| CVE-2022-48318 | MEDIUM | Insecure access control mechanisms for RestAPI documentation | 0.5% |
| CVE-2023-22728 | MEDIUM | Silverstripe Framework has missing permission check of canView in GridFieldPrintButton | 0.5% |
| CVE-2022-45803 | MEDIUM | WordPress Gutenberg Forms plugin <= 2.2.8.3 - Auth. Broken Access Control vulnerability | 0.5% |
| CVE-2024-27911 | HIGH | A vulnerability was reported in some Lenovo Printers that could allow an unauthenticated attacker to obtain the administrator password. | 0.5% |
| CVE-2022-40218 | MEDIUM | WordPress TH Advance Product Search plugin <= 1.1.4 - Unauthenticated Plugin Settings Change vulnerability | 0.5% |
| CVE-2023-38510 | HIGH | Tolgee Lacks Permission Check for API Key for some endpoints | 0.5% |
| CVE-2022-4385 | | Intuitive Custom Post Order < 3.1.4 - Subscriber+ Arbitrary Menu Order Update | 0.5% |
| CVE-2022-2450 | MEDIUM | reSmush.it Image Optimizer < 0.4.4 - Subscriber+ AJAX Calls | 0.5% |
| CVE-2023-30479 | MEDIUM | WordPress Stamped.io Product Reviews & UGC for WooCommerce plugin <= 2.3.2 - Broken Access Control vulnerability | 0.5% |
| CVE-2023-24528 | MEDIUM | SAP Fiori apps for Travel Management in SAP ERP (My Travel Requests) - version 600, allows an authenticated attacker to exploit a certain m | 0.5% |
| CVE-2023-1027 | MEDIUM | WP Meta SEO <= 4.5.3 - Missing Authorization in 'checkAllCategoryInSitemap' | 0.5% |
| CVE-2024-43162 | MEDIUM | WordPress Easy Digital Downloads plugin <= 3.2.12 - Broken Access Control vulnerability | 0.5% |