Falhas do tipo CWE-862
6.923 resultadosCVE-2023-31826HIGHSkyscreamer Open Source Nevado JMS v1.3.2 does not perform security checks when receiving messages. This allows attackers to execute arbitraEPSS 0.3%CVE-2025-46823HIGHOpenMRS has Vulnerability in FHIR2 Module PrivilegesEPSS 0.3%CVE-2024-12781MEDIUMAurum - WordPress & WooCommerce Shopping Theme <= 4.0.2 - Missing Authorization to Authenticated (Subscriber+) Demo Content ImportEPSS 0.3%CVE-2026-44994MEDIUMOpenClaw < 2026.4.22 - Authentication Bypass in Gateway Control UI Bootstrap Config EndpointEPSS 0.3%CVE-2024-2017MEDIUMCountdown, Coming Soon, Maintenance – Countdown & Clock <= 2.7.8 - Missing Authorization to Authenticated (Subscriber+) PHP Object InjectionEPSS 0.3%CVE-2023-4728MEDIUMLadiApp: Landing Page, PopupX, Marketing Automation, Affiliate Marketing… <= 4.4 - Missing Authorization on publish_lp()EPSS 0.3%CVE-2024-22151MEDIUMWordPress Import and export users and customers plugin <= 1.24.6 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2023-1774MEDIUMUnauthorized email invite to a private channelEPSS 0.3%CVE-2026-28276HIGHInitiative Allows Unauthenticated Access to Uploaded Documents via Public /uploads/ EndpointEPSS 0.3%CVE-2025-15157HIGHStarfish Review Generation & Marketing for WordPress <= 3.1.19 - Authenticated (Subscriber+) Arbitrary Options Update via srm_restore_options_defaultsEPSS 0.3%CVE-2024-3277MEDIUMYumpu ePaper publishing <= 2.0.24 - Missing Authorization to PDF Upload, Publishing, and API Key ModificationEPSS 0.3%CVE-2024-34813MEDIUMWordPress WooCommerce Wishlist plugin <= 1.7.8 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-11085MEDIUMWP Log Viewer <= 1.2.1 - Missing AuthorizationEPSS 0.3%CVE-2026-4949MEDIUMProfilePress <= 4.16.12 - Missing Authorization to Authenticated (Subscriber+) Inactive Membership Plan SubscriptionEPSS 0.3%CVE-2026-34395MEDIUMAVideo: Mass User PII Disclosure via Missing Authorization in YPTWallet users.json.phpEPSS 0.3%CVE-2025-48784HIGHSoar Cloud HRD Human Resource Management System - Missing AuthorizationEPSS 0.3%CVE-2026-3649MEDIUMKatalogportal-pdf-sync Widget <= 1.0.0 - Missing Authorization to Authenticated (Subscriber+) Information Disclosure via 'katalogportal_shortcodePrinter' AJAX ActionEPSS 0.3%CVE-2025-62946MEDIUMWordPress Everest Backup plugin <= 2.3.8 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2023-7306HIGHFrontend File Manager <= 21.5 - Missing Authorization to Unauthenticated Arbitrary Post DeletionEPSS 0.3%CVE-2024-35742MEDIUMWordPress Easy Forms for Mailchimp plugin <= 6.9.0 - Broken Access Control vulnerabilityEPSS 0.3%