Falhas do tipo CWE-862

6.960 resultados
CVE-2026-40870HIGHDecidim's comments API allows access to all commentable resourcesEPSS 0.3%CVE-2025-13794MEDIUMAuto Featured Image <= 4.2.1 - Missing Authorization to Authenticated (Contributor+) Post Thumbnail ModificationEPSS 0.3%CVE-2025-41443MEDIUMGuest user can discover active public channelsEPSS 0.3%CVE-2025-63294MEDIUMWorkDo HRM SaaS HR and Payroll Tool 8.1 is affected vulnerable to Insecure Permissions. An authenticated user can create leave or resignatioEPSS 0.3%CVE-2024-8632MEDIUMKB Support – WordPress Help Desk and Knowledge Base <= 1.6.6 - Missing Authorization to Unauthenticated Ticket Reply ExposureEPSS 0.3%CVE-2024-4139MEDIUMMissing Authorization Checks in SAP S/4 HANA (Manage Bank Statement Reprocessing Rules)EPSS 0.3%CVE-2025-39493MEDIUMWordPress Rankie plugin < 1.8.2 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2025-3808MEDIUMzhenfeng13 My-BBS cross-site request forgeryEPSS 0.3%CVE-2026-41394HIGHOpenClaw < 2026.3.31 - Unauthorized Operator Scope Access in Unauthenticated Plugin-Auth RoutesEPSS 0.3%CVE-2025-30974MEDIUMWordPress Post Grid Master plugin <= 3.4.17 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-53784MEDIUMWordPress Smart Marketing SMS and Newsletters Forms plugin <= 5.0.4 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-13440MEDIUMPremmerce Wishlist for WooCommerce <= 1.1.10 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Wishlist DeletionEPSS 0.3%CVE-2025-28962MEDIUMWordPress Advanced Google Universal Analytics plugin <= 1.0.3 - Broken Access Control to Sensitive Data Exposure vulnerabilityEPSS 0.3%CVE-2025-31469MEDIUMWordPress Clear Sucuri Cache plugin <= 1.4 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2025-26948MEDIUMWordPress Pie Register Premium plugin <= 3.8.3.2 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-2298HIGHAuthenticated API Endpoint Allows Arbitrary File Deletion in Dremio SoftwareEPSS 0.3%CVE-2025-49651HIGHMissing Authorization for Interactive SessionsEPSS 0.3%CVE-2025-7956MEDIUMAjax Search Lite <= 4.13.1 - Missing Authorization to Unauthenticated Basic Information Exposure via ASL_Query in AJAX Search HandlerEPSS 0.3%CVE-2024-4138MEDIUMMissing Authorization Checks in SAP S/4 HANA (Manage Bank Statement Reprocessing Rules)EPSS 0.3%CVE-2025-62086MEDIUMWordPress Яндекс Доставка (Boxberry) plugin <= 2.34 - Broken Access Control vulnerabilityEPSS 0.3%