Falhas do tipo CWE-862
6.961 resultadosCVE-2025-59416HIGHThe Scratch Channel forks can publish articlesEPSS 0.3%CVE-2025-62922MEDIUMWordPress Export Categories plugin <= 1.0 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-55072MEDIUMA Broken Object Level Authorization vulnerability in the component /api/users/{user-id} of hay-kot mealie v2.2.0 allows users to edit their EPSS 0.3%CVE-2025-14079MEDIUMELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.5 - Missing Authorization to Authenticated (Subscriber+) Settings UpdateEPSS 0.3%CVE-2026-28254MEDIUMMissing Authorization vulnerability in Trane Tracer SC, Tracer SC+, and Tracer ConciergeEPSS 0.3%CVE-2025-52554MEDIUMn8n Improper Authorization in Workflow Execution Stop Endpoint Allows Terminating Other Users’ WorkflowsEPSS 0.3%CVE-2026-9014MEDIUMWP Promoter <= 1.3 - Missing Authorization to Unauthenticated Statistics Reset via wpp-reset_stats AJAX ActionEPSS 0.3%CVE-2023-4302MEDIUMMissing permission checks in Fortify Plugin allow capturing credentialsEPSS 0.3%CVE-2025-52775HIGHWordPress Project Cost Calculator Plugin <= 1.0.0 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2026-28554MEDIUMwpForo Forum 2.4.14 Missing Authorization via Post Approval AJAX HandlerEPSS 0.3%CVE-2023-48761MEDIUMWordPress JetElements For Elementor plugin <= 2.6.13 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-28555MEDIUMwpForo Forum 2.4.14 Missing Authorization via Topic Close AJAX HandlerEPSS 0.3%CVE-2025-66736HIGHyoulai-boot V2.21.1 is vulnerable to Incorrect Access Control. The importUsers function in SysUserController.java does not perform a permissEPSS 0.3%CVE-2022-47339MEDIUMIn cmd services, there is a OS command injection issue due to missing permission check. This could lead to local escalation of privilege witEPSS 0.3%CVE-2025-22665MEDIUMWordPress RapidLoad plugin <= 2.4.4 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-22647MEDIUMWordPress AIO Performance Profiler plugin <= 1.2 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-11701MEDIUMZip Attachments <= 1.6 - Missing Authorization to Unauthenticated Private And Password-Protected Posts Attachment DisclosureEPSS 0.3%CVE-2025-31529MEDIUMWordPress Slider Path for Elementor plugin <= 3.0.0 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-2381MEDIUMWooCommerce Stripe Payment Gateway <= 10.7.0 - Missing Authorization to Unauthenticated Order Status Manipulation via 'order' ParameterEPSS 0.3%CVE-2026-12119MEDIUMSimple File List <= 6.3.7 - Missing Authorization to Authenticated (Contributor+) Arbitrary File Operations (Deletion / Move / Folder Creation / Download) via 'frontmanage' Shortcode AttributeEPSS 0.3%