Falhas do tipo CWE-862

7.019 resultados
CVE-2023-22836LOWIn cases where a multi-tenant stack user is operating Foundry’s Linter service, and the user changes the linter name from the default value, the renamed value may be visible to the rest of the stack’s tenants.EPSS 0.3%CVE-2025-15235HIGHQuanta Computer|QOCA aim AI Medical Cloud Platform - Missing AuthorizationEPSS 0.3%CVE-2026-59227MEDIUMOpen WebUI: POST /api/v1/images/edit bypasses the global image-edit switch and the per-user image-generation permissionEPSS 0.3%CVE-2026-1906MEDIUMPDF Invoices & Packing Slips for WooCommerce <= 5.6.0 - Missing Authorization to Authenticated (Subscriber+) Peppol Identifier ModificationEPSS 0.3%CVE-2025-6171MEDIUMMissing Authorization in GitLabEPSS 0.3%CVE-2025-4571MEDIUMGiveWP – Donation Plugin and Fundraising Platform <= 4.3.0 - Missing Authorization To Authenticated (Contributor+) Campaign Data View And ModificationEPSS 0.3%CVE-2025-57971MEDIUMWordPress SALESmanago Plugin <= 3.8.1 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2025-1507MEDIUMShareThis Dashboard for Google Analytics <= 3.2.1 - Missing Authorization to Unauthenticated Feature DeactivationEPSS 0.3%CVE-2025-7040HIGHCloud SAML SSO <= 1.0.19 - Missing Authorization to Unauthenticated Settings Modification via set_organization_settings ActionEPSS 0.3%CVE-2026-5488MEDIUMExactMetrics <= 9.1.2 - Authenticated (Subscriber+) Missing Authorization to Google Ads Access Token Retrieval via AJAX Action 'exactmetrics_ads_get_token'EPSS 0.3%CVE-2025-58222MEDIUMWordPress Team Manager plugin <= 2.5.1 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-58003MEDIUMWordPress Javo Core Plugin <= 3.0.0.266 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2025-24747MEDIUMWordPress Houzez theme <= 3.4.0 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-4290CRITICALWP Travel Pro <= 10.6.0 - Missing Authorization to Unauthenticated Arbitrary User Deletion Including AdministratorsEPSS 0.3%CVE-2024-8682MEDIUMJNews - WordPress Newspaper Magazine Blog AMP Theme <= 11.6.6 - Unauthorized User RegistrationEPSS 0.3%CVE-2025-1285MEDIUMResido - Real Estate WordPress Theme <= 3.6 - Missing Authorization to Unauthenticated Server-Side Request Forgery and API Key Settings UpdateEPSS 0.3%CVE-2026-39351MEDIUMFrappe allows unrestricted Doctype access via API exploitEPSS 0.3%CVE-2026-56250HIGHCapgo - Arbitrary R2 Object Deletion via Mutable r2_path in app_versionsEPSS 0.3%CVE-2025-60159MEDIUMWordPress Nota Fiscal Eletrônica WooCommerce plugin <= 3.4.0.9 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2023-20064MEDIUMCisco IOS XR Software Bootloader Unauthenticated Information Disclosure VulnerabilityEPSS 0.3%