Falhas do tipo CWE-862

6.914 resultados
CVE-2024-31350MEDIUMWordPress AWP Classifieds plugin <= 4.3.1 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-68021MEDIUMWordPress ConveyThis plugin <= 269.9 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-29073MEDIUMSiYuan: Direct SQL Query API accessible to Reader-level users enables unauthorized database accessEPSS 0.3%CVE-2024-34435MEDIUMWordPress Aiomatic plugin <= 1.9.3 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-6964MEDIUMVideo Conferencing with Zoom <= 4.6.7 - Missing Authorization to Unauthenticated Zoom SDK Credential Exposure via 'get_auth' AJAX ActionEPSS 0.3%CVE-2025-1279HIGHBM Content Builder <= 3.16.2.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options UpdateEPSS 0.3%CVE-2025-67994HIGHWordPress YayCurrency plugin <= 3.3 - Arbitrary Content Deletion vulnerabilityEPSS 0.3%CVE-2024-8427MEDIUMFrontend Post Submission Manager Lite – Frontend Posting WordPress Plugin <= 1.2.2 - Missing Authorization to Authenticated (Subscriber+) Settings UpdateEPSS 0.3%CVE-2025-24736MEDIUMWordPress Post Duplicator plugin <= 2.35 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-26958HIGHWordPress JetBlog plugin <= 2.4.3 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2024-30484MEDIUMWordPress RT Easy Builder plugin <= 2.0 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2023-6883MEDIUMEasy Social Feed <= 6.5.2 - Missing Authorization to Settings ModificationEPSS 0.3%CVE-2024-31261MEDIUMWordPress Announcer – Notification & message bars plugin <= 6.0 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-0832HIGHNew User Approve <= 3.2.2 - Missing Authorization to Unauthenticated Arbitrary User Approval, Denial, and Information DisclosureEPSS 0.3%CVE-2025-0526LOWIn affected versions of Octopus Deploy it was possible to upload files to unexpected locations on the host using an API endpoint. The field EPSS 0.3%CVE-2024-1804MEDIUMTutor LMS – Migration Tool <= 2.2.0 - Missing Authorization in tutor_import_from_xmlEPSS 0.3%CVE-2025-1249MEDIUMWordPress Events Manager plugin <= 6.6.4.1 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-42083HIGHfree5GC: PCF Npcf_SMPolicyControl missing authentication middleware allows unauthenticated access to SM policy handlers and disclosure of subscriber SUPIEPSS 0.3%CVE-2026-12432MEDIUMStripe Payment Forms by WP Full Pay <= 8.4.3 - Missing Authorization to Unauthenticated Payment Record Manipulation via 'paymentIntentId' ParameterEPSS 0.3%CVE-2026-26236MEDIUMQuMagieEPSS 0.3%