Falhas do tipo CWE-862
6.883 resultadosCVE-2025-5953HIGHWP Human Resource Management 2.0.0 - 2.2.17 - Missing Authorization to Authenticated (Employee+) Privilege Escalation via wp_ajax_hrm_insert_employee AJAX ActionEPSS 0.4%CVE-2025-25953MEDIUMSerosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 was discovered to contain an Azure JWT access token expEPSS 0.4%CVE-2023-46146HIGHWordPress Themify Ultra theme <= 7.3.5 - Multiple Broken Access Control vulnerabilityEPSS 0.4%CVE-2026-4117MEDIUMCalJ <= 1.5 - Authenticated (Subscriber+) Arbitrary Settings Modification via 'save-obtained-key' ActionEPSS 0.4%CVE-2026-8934MEDIUMCross-Project Information Leakage in Google App Engine UIEPSS 0.4%CVE-2023-45061MEDIUMWordPress WP Job Openings plugin <= 3.4.1 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2023-46610MEDIUMWordPress Quill Forms plugin <= 3.3.0 - Broken Access Control + CSRF vulnerabilityEPSS 0.4%CVE-2024-28167MEDIUMMissing Authorization check in SAP Group Reporting Data Collection (Enter Package Data)EPSS 0.4%CVE-2025-30916MEDIUMWordPress Residential Address Detection plugin <= 2.5.4 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2024-54254MEDIUMWordPress Message Filter for Contact Form 7 plugin <= 1.6.3 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2025-30944HIGHWordPress Tablesome Table Premium <= 1.1.23 - Broken Access Control VulnerabilityEPSS 0.4%CVE-2023-45649MEDIUMWordPress Appointment Hour Booking plugin <= 1.4.23 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2023-44258MEDIUMWordPress Schema App Structured Data plugin <= 1.23.1 - Broken Access Control + CSRF vulnerabilityEPSS 0.4%CVE-2024-34768MEDIUMWordPress Fastly plugin <= 1.2.25 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2025-26846CRITICALAn issue was discovered in Znuny before 7.1.4. Permissions are not checked properly when using the Generic Interface to update ticket metadaEPSS 0.4%CVE-2025-31685CRITICALOpen Social - Moderately critical - Access bypass - SA-CONTRIB-2025-014EPSS 0.4%CVE-2026-24376MEDIUMWordPress WPVulnerability plugin <= 4.2.1 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2024-32731MEDIUMMissing Authorization check in SAP My Travel RequestsEPSS 0.4%CVE-2024-48902MEDIUMIn JetBrains YouTrack before 2024.3.46677 improper access control allowed users with project update permission to delete applications via APEPSS 0.4%CVE-2024-13316MEDIUMScratch & Win – Giveaways and Contests <= 2.8.0 - Missing Authorization to Unauthenticated Coupon CreationEPSS 0.4%