Falhas do tipo CWE-862
6.960 resultadosCVE-2026-26977MEDIUMFrappe Learning Management System exposes details of unpublished courses to unauthorized usersEPSS 0.3%CVE-2026-1860MEDIUMKali Forms <= 2.4.8 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Form Data ExposureEPSS 0.3%CVE-2025-53495CRITICALUnauthorized Disclosure of IP Reputation in AbuseFilterEPSS 0.3%CVE-2025-5521MEDIUMWuKongOpenSource WukongCRM updataPassword cross-site request forgeryEPSS 0.3%CVE-2026-45438HIGHWordPress Smart Coupons for WooCommerce plugin < 2.3.0 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-53821HIGHOpenClaw < 2026.5.18 - Scope Elevation in trusted-proxy Control UI WebSocketEPSS 0.3%CVE-2025-53499CRITICALUnauthorized Inspection of Protected Variables in AbuseFilterEPSS 0.3%CVE-2020-26231MEDIUMBypass of fix for CVE-2020-15247, Twig sandbox escapeEPSS 0.3%CVE-2025-49265HIGHWordPress Membership For WooCommerce plugin <= 2.8.1 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2024-55073HIGHA Broken Object Level Authorization vulnerability in the component /api/users/{user-id} of hay-kot mealie v2.2.0 allows users to edit their EPSS 0.3%CVE-2023-47770HIGHWordPress BeTheme theme <= 27.1.1 - Contributor+ Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-14481MEDIUMYoast SEO <= 26.5 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Exposure via 'post_id' ParameterEPSS 0.3%CVE-2024-13415MEDIUMFood Menu – Restaurant Menu & Online Ordering for WooCommerce <= 5.1.4 - Missing Authorization to Authenticated (Subscriber+) Settings UpdateEPSS 0.3%CVE-2025-30605MEDIUMWordPress sourceplay-navermap plugin <= 0.0.2 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-41624MEDIUMIncorrect access control in Himalaya Xiaoya nano smart speaker rom_version 1.6.96 allows a remote attacker to have an unspecified impact.EPSS 0.3%CVE-2024-13737MEDIUMMotors – Car Dealer, Classifieds & Listing <= 1.4.57 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion and Listing Template CreationEPSS 0.3%CVE-2025-62889MEDIUMWordPress King Addons for Elementor plugin <= 51.1.61 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-13652MEDIUMECPay Ecommerce for WooCommerce <= 1.1.2411060 - Missing Authorization to Authenticated (Subscriber+) Log DeletionEPSS 0.3%CVE-2025-31406MEDIUMWordPress ELEX WooCommerce Request a Quote plugin <= 2.3.9 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2020-27349—aptdaemon performed policykit permissions checks too lateEPSS 0.3%