CWE-862 vulnerabilities
6,789 results

CVE-2021-4388 | MEDIUM | Opal Estate <= 1.6.11 - Missing Authorization | EPSS 0.7%
CVE-2021-4345 | MEDIUM | uListing <= 1.6.6 - Unauthenticated Arbitrary Roles and Capabilities Creation/Deletion | EPSS 0.7%
CVE-2026-4119 | CRITICAL | Create DB Tables <= 1.2.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Database Table Creation/Deletion via admin-post.php | EPSS 0.7%
CVE-2022-24896 | MEDIUM | Tracker report renderer and chart widgets leak information in Tuleap | EPSS 0.7%
CVE-2024-1170 | HIGH | Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) <= 2.8.7 - Missing Authorization to Unauthenticated Media Deletion | EPSS 0.7%
CVE-2025-22609 | CRITICAL | Coolify Vulnerable to Private Key Hijacking / Remote Command Execution (RCE) | EPSS 0.7%
CVE-2025-11669 | HIGH | Broken Access Control | EPSS 0.7%
CVE-2023-24448 | MEDIUM | A missing permission check in Jenkins RabbitMQ Consumer Plugin 2.8 and earlier allows attackers with Overall/Read permission to connect to a | EPSS 0.7%
CVE-2024-11205 | HIGH | WPForms 1.8.4 - 1.9.2.1 - Missing Authorization to Authenticated (Subscriber+) Payment Refund and Subscription Cancellation | EPSS 0.7%
CVE-2023-24453 | MEDIUM | A missing check in Jenkins TestQuality Updater Plugin 1.3 and earlier allows attackers with Overall/Read permission to connect to an attacke | EPSS 0.7%
CVE-2024-13513 | CRITICAL | Oliver POS – A WooCommerce Point of Sale (POS) <= 2.4.2.3 - Sensitive Information Exposure to Privilege Escalation | EPSS 0.7%
CVE-2024-4317 | LOW | PostgreSQL pg_stats_ext and pg_stats_ext_exprs lack authorization checks | EPSS 0.7%
CVE-2025-2807 | HIGH | Motors – Car Dealership & Classified Listings Plugin <= 1.4.64 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation | EPSS 0.7%
CVE-2022-48367 | CRITICAL | An issue was discovered in eZ Publish Ibexa Kernel before 7.5.28. Access control based on object state is mishandled. | EPSS 0.7%
CVE-2021-24355 | — | Simple 301 Redirects by BetterLinks - 2.0.0 – 2.0.3 - Update and Retrieve Wildcard Value | EPSS 0.7%
CVE-2021-41112 | HIGH | Missing Authorization in Rundeck | EPSS 0.7%
CVE-2023-36681 | MEDIUM | WordPress Cryptocurrency Widgets – Price Ticker & Coins List plugin <= 2.6.2 - Broken Access Control vulnerability | EPSS 0.7%
CVE-2024-1934 | HIGH | WP Compress – Image Optimizer <= 6.11.08 - Missing Authorization to Unauthenticated CDN Modification | EPSS 0.7%
CVE-2025-6380 | CRITICAL | ONLYOFFICE Docs 1.1.0 - 2.2.0 - Missing Authorization to Unauthenticated Privilege Escalation via callback Function | EPSS 0.7%
CVE-2023-24459 | MEDIUM | A missing permission check in Jenkins BearyChat Plugin 3.0.2 and earlier allows attackers with Overall/Read permission to connect to an atta | EPSS 0.7%