Falhas do tipo CWE-862
6.960 resultadosCVE-2026-41394HIGHOpenClaw < 2026.3.31 - Unauthorized Operator Scope Access in Unauthenticated Plugin-Auth RoutesEPSS 0.3%CVE-2025-2298HIGHAuthenticated API Endpoint Allows Arbitrary File Deletion in Dremio SoftwareEPSS 0.3%CVE-2025-49651HIGHMissing Authorization for Interactive SessionsEPSS 0.3%CVE-2025-39559MEDIUMWordPress Bring Fraktguiden for WooCommerce plugin <= 1.11.4 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2023-21450LOWMissing Authorization vulnerability in One Hand Operation + prior to version 6.1.21 allows multi-users to access owner's widget without EPSS 0.3%CVE-2025-4282MEDIUMSourceCodester/oretnom23 Stock Management System Users.php cross-site request forgeryEPSS 0.3%CVE-2025-15510MEDIUMNEX-Forms – Ultimate Forms Plugin for WordPress <= 9.1.8 - Missing Authorization to Unauthenticated Sensitive Information ExposureEPSS 0.3%CVE-2026-25633MEDIUMStatamic's missing authorization allows access to assetsEPSS 0.3%CVE-2026-1253MEDIUMGroup Chat & Video Chat by AtomChat <= 1.1.7 - Missing Authorization to Authenticated (Subscriber+) Plugin Options UpdateEPSS 0.3%CVE-2025-36367HIGHIBM i is affected by a privilege escalation in IBM i SQL servicesEPSS 0.3%CVE-2025-53221MEDIUMWordPress CodeablePress plugin <= 1.0.2 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-12122MEDIUMKirki <= 6.0.11 - Missing Authorization to Unauthenticated Sensitive Information Exposure via kirki_post_apis_nopriv AJAX ActionEPSS 0.3%CVE-2025-41410MEDIUMSlack import bypasses email verification for team access controlsEPSS 0.3%CVE-2026-1833MEDIUMWaMate Confirm <= 2.0.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Phone Number Blocking/UnblockingEPSS 0.3%CVE-2026-3581MEDIUMBasic Google Maps Placemarks <= 1.10.7 - Missing Authorization to Unauthenticated Default Map Coordinate UpdateEPSS 0.3%CVE-2024-6750HIGHSocial Auto Poster <= 5.3.14 - Missing Authorization via Multiple FunctionsEPSS 0.3%CVE-2026-4124MEDIUMZiggeo <= 3.1.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Modification via 'ziggeo_ajax' AJAX ActionEPSS 0.3%CVE-2026-12428MEDIUMBlocks for ACF Fields <= 1.6.2 - Missing Authorization to Authenticated (Author+) Arbitrary ACF Field Value Disclosure via 'id' ParameterEPSS 0.3%CVE-2026-1786MEDIUMTwitter posts to Blog <= 1.11.25 - Missing Authorization to Unauthenticated Plugin Settings UpdateEPSS 0.3%CVE-2025-14913MEDIUMFrontend Post Submission Manager Lite <= 1.2.6 - Incorrect Authorization to Unauthenticated Arbitrary Attachment DeletionEPSS 0.3%