Falhas do tipo CWE-862
6.959 resultadosCVE-2026-25398MEDIUMWordPress Vertex Addons for Elementor plugin <= 1.6.4 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-31858MEDIUMWordPress Local Magic plugin <= 2.9.0 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-40937HIGHRustFS missing admin authorization on notification target endpoints, which allows unauthenticated configuration of event webhooksEPSS 0.3%CVE-2025-62085MEDIUMWordPress BERTHA AI plugin <= 1.13 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-25045HIGHBudibase Critical Privilege Escalation & IDOR via Missing RBAC on User Role Management (Creator-Role)EPSS 0.3%CVE-2025-6718HIGHB1.lt for WooCommerce <= 2.2.57 - Missing Authorization to Authenticated (Subscriber+) Arbitrary SQL InjectionEPSS 0.3%CVE-2025-62151MEDIUMWordPress Virtuaria PagBank / PagSeguro para Woocommerce plugin <= 3.6.3 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-62100MEDIUMWordPress ThemeRain Core plugin <= 1.1.9 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-7888MEDIUMClassified Listing – Classified ads & Business Directory Plugin <= 3.1.7 - Missing AuthorizationEPSS 0.3%CVE-2025-53452MEDIUMWordPress Event Rocket Plugin <= 3.3 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2026-1280HIGHFrontend File Manager Plugin <= 23.5 - Missing Authorization to Unauthenticated Arbitrary File Sharing via 'file_id' ParameterEPSS 0.3%CVE-2024-6458MEDIUMWooCommerce Product Table Lite <= 3.5.1 - Missing Authorization to (Subscriber+) Stored Cross-Site ScriptingEPSS 0.3%CVE-2026-10831MEDIUMImproper Authorization of Break Signal Commands in DevicesEPSS 0.3%CVE-2024-5309MEDIUMForm Vibes – Database Manager for Forms <= 1.4.12 - Missing Authorization in Multiple FunctionsEPSS 0.3%CVE-2025-47887MEDIUMMissing permission checks in Jenkins Cadence vManager Plugin 4.0.1-286.v9e25a_740b_a_48 and earlier allows attackers with Overall/Read permiEPSS 0.3%CVE-2026-3645MEDIUMPunnel <= 1.3.1 - Missing Authorization to Authenticated (Subscriber+) Settings Update via 'punnel_save_config' AJAX ActionEPSS 0.3%CVE-2026-41160MEDIUMEspoCRM: Broken Access Control / IDOR in Note Pinning API allows unauthorized modification of notesEPSS 0.3%CVE-2024-13303MEDIUMDownload All Files - Critical - Access bypass - SA-CONTRIB-2024-069EPSS 0.3%CVE-2025-11442MEDIUMJhumanJ OpnForm API Endpoint cross-site request forgeryEPSS 0.3%CVE-2024-13312MEDIUMOpen Social - Moderately critical - Access bypass - SA-CONTRIB-2024-076EPSS 0.3%