Falhas do tipo CWE-862
7.062 resultadosCVE-2026-32334MEDIUMWordPress JobScout theme <= 1.1.7 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-6109MEDIUMFoundationAgents MetaGPT Mineflayer HTTP API index.js evaluateCode cross-site request forgeryEPSS 0.2%CVE-2025-39353MEDIUMWordPress Grand Restaurant WordPress theme <= 7.0 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-32371MEDIUMWordPress Elegant Pink theme <= 1.3.3 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-32329MEDIUMWordPress Advanced Related Posts plugin <= 1.9.1 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-32377MEDIUMWordPress Pranayama Yoga theme <= 1.2.2 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-39388MEDIUMWordPress AnalyticsWP plugin <= 2.0.0 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-33177MEDIUMStatamic is missing authorization check on taxonomy term creation via fieldtypeEPSS 0.2%CVE-2025-49441MEDIUMWordPress Interactive Regional Map of Florida plugin <= 1.0 - Broken Access Control VulnerabilityEPSS 0.2%CVE-2025-48346MEDIUMWordPress Embed and Integrate Etsy Shop plugin <= 1.0.8 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-25531MEDIUMKanboard TaskCreationController::duplicateProjects() endpoint does not validate user permissions for target projectsEPSS 0.2%CVE-2026-12557MEDIUMNinja Forms - File Uploads <= 3.3.29 - Missing Authorization to Unauthenticated Log Disclosure and Deletion via debug-log/delete-all and debug-log/get-all REST EndpointsEPSS 0.2%CVE-2026-57498CRITICALCoolify Cross-Team IDOR: Livewire Components Accept Unscoped server_id and destination_uuid — Deploy to Other Teams' ServersEPSS 0.2%CVE-2026-3896MEDIUMLivemesh SiteOrigin Widgets <= 3.9.2 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site ScriptingEPSS 0.2%CVE-2026-27366HIGHWordPress MainWP Child plugin <= 6.1.1 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-58460MEDIUMA missing permission check in Jenkins OpenTelemetry Plugin 3.1543.v8446b_92b_cd64 and earlier allows attackers with Overall/Read permission EPSS 0.2%CVE-2026-2732MEDIUMEnable Media Replace <= 4.1.7 - Improper Authorization to Authenticated (Author+) Arbitrary Attachment Change via Background ReplaceEPSS 0.2%CVE-2026-32389MEDIUMWordPress NanoCare theme < 1.2.2 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2024-34690MEDIUMMissing Authorization check in SAP Student Life Cycle Management (SLcM)EPSS 0.2%CVE-2026-3897MEDIUMLivemesh Addons for Beaver Builder <= 3.9.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Missing AuthorizationEPSS 0.2%