Falhas do tipo CWE-862

7.050 resultados
CVE-2025-68595MEDIUMWordPress Widgets for Social Photo Feed plugin <= 1.8 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-15512MEDIUMAplazo Payment Gateway <= 1.4.3 - Missing Authorization to Unauthenticated Order Status ManipulationEPSS 0.2%CVE-2025-13964MEDIUMLearnPress – WordPress LMS Plugin <= 4.3.2 - Missing Authentication to Unauthenticated Course ModificationEPSS 0.2%CVE-2025-31886MEDIUMWordPress Social proof testimonials and reviews by Repuso plugin <= 5.21 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-42677HIGHWordPress WP Document Revisions plugin <= 3.8.1 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-68045HIGHWordPress WP Event SOlution plugin <= 4.1.12 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-1631MEDIUMFeeds for YouTube < 2.6.4 - Subscriber+ License Data DeletionEPSS 0.2%CVE-2025-5033MEDIUMXiaoBingby TeaCMS addUser cross-site request forgeryEPSS 0.2%CVE-2026-42069HIGHKirby: Read access to site, user and role information is not gated by permissionsEPSS 0.2%CVE-2024-13715MEDIUMzStore Manager Basic <= 3.311 - Missing Authorization to Authenticated (Subscriber+) Cache ClearingEPSS 0.2%CVE-2025-12898MEDIUMPretty Google Calendar <= 2.0.0 - Missing Authorization to Unauthenticated Google API Key ExposureEPSS 0.2%CVE-2026-57949HIGHruoyi-vue-pro - Missing Authorization in CRM Follow-up Record GET EndpointEPSS 0.2%CVE-2025-0515MEDIUMBuzz Club – Night Club, DJ and Music Festival Event WordPress Theme <= 2.0.4 - Missing Authorization to Authenticated (Subscriber+) Limited Arbitrary Option UpdateEPSS 0.2%CVE-2025-8739MEDIUMzhenfeng13 My-Blog save cross-site request forgeryEPSS 0.2%CVE-2026-56695HIGHOpenHarness - Cross-Session Disclosure via /resume and /summary CommandsEPSS 0.2%CVE-2026-25431MEDIUMWordPress Hustle plugin <= 7.8.10.1 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-44734MEDIUMOpenProject: Improper Access Control on OpenProject through the POST request to /projects/[PROJECT_NAME]/cost_reports/[REPORT_ID]/renameEPSS 0.2%CVE-2026-28424MEDIUMStatamic's missing authorization allows access to email addressesEPSS 0.2%CVE-2026-49822HIGHFission: Cross-namespace event leakage via KubernetesWatchTrigger allows persistent tenant surveillanceEPSS 0.2%CVE-2026-2720MEDIUMHr Press Lite <= 1.0.2 - Missing Authorization to Authenticated (Subscriber+) Sensitive Employee Information ExposureEPSS 0.2%