Falhas do tipo CWE-862

7.075 resultados
CVE-2025-12778MEDIUMUltimate Member Widgets for Elementor <= 2.3 - Missing Authorization to Unauthenticated Information ExposureEPSS 0.2%CVE-2026-53438MEDIUMA missing permission check in Jenkins 2.567 and earlier, LTS 2.555.2 and earlier allows attackers with Item/Cancel permission, but lacking IEPSS 0.2%CVE-2025-25241MEDIUMMissing Authorization check in SAP Fiori Apps Reference Library (My Overtime Requests)EPSS 0.2%CVE-2025-64254LOWWordPress Photo Block plugin <= 1.5.1 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-61440HIGHPraisonAI Platform before 0.1.9 Authorization Bypass via Label EndpointsEPSS 0.2%CVE-2026-45085MEDIUMDiscourse: Chat misauthorization and information disclosureEPSS 0.2%CVE-2026-49045MEDIUMWordPress Adminimize plugin <= 1.11.11 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-53634MEDIUMSharp: Missing Authorization Check in Quick Creation Command EndpointsEPSS 0.2%CVE-2026-10779MEDIUMClassified Listing <= 5.4.2 - Missing Authorization to Authenticated (Subscriber+) Feature Modification via Multiple AJAX Handlers ('listingId'/'id' Parameters)EPSS 0.2%CVE-2026-57649MEDIUMWordPress Shoppable Images Lite plugin <= 1.3 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-54840HIGHWordPress Newsletters plugin <= 4.13 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-34050MEDIUMCoolify Settings/Updates Livewire component missing instance administrator authorizationEPSS 0.2%CVE-2025-67737LOWAzuraCast Vulnerable to Pre-Auth File Deletion & Admin RCEEPSS 0.2%CVE-2022-46845MEDIUMWordPress Slider a SlidersPack plugin <= 2.0.2 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-3552MEDIUMSurfLink < 2.6.0 - Missing Authorization to Authenticated (Subscriber+) 410 Gone URL Import via 'surfl_import_410' AJAX ActionEPSS 0.2%CVE-2025-48167MEDIUMWordPress Chatbox Manager plugin <= 1.2.5 - Broken Access Control VulnerabilityEPSS 0.2%CVE-2026-11364MEDIUMProduct Specifications for Woocommerce <= 0.8.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Attribute/Group Creation, Modification, and Deletion via 'dwps_modify_groups' and 'dwps_modify_attributes' AJAX ActionsEPSS 0.2%CVE-2025-11835MEDIUMPaid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction <= 2.16.4 - Missing Authorization to Unauthenticated Arbitrary Member Subscription Auto RenewalEPSS 0.2%CVE-2026-49054MEDIUMWordPress The Post Grid plugin <= 7.9.2 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-56402HIGHNanoClaw < 2.1.17 - Privilege Escalation via Unverified Approval Response HandlerEPSS 0.2%