Falhas do tipo CWE-862

7.076 resultados
CVE-2025-5692MEDIUMLead Form Data Collection to CRM <= 3.1 - Missing Authorization to Authenticated (Subscriber+) Many ActionsEPSS 0.2%CVE-2025-48108MEDIUMWordPress School Management Plugin <= 93.2.0 - Broken Access Control VulnerabilityEPSS 0.2%CVE-2026-48500MEDIUMFilament: Unauthenticated temporary file upload on auth pagesEPSS 0.2%CVE-2026-62191HIGHOpenClaw 2026.6.6 < 2026.6.9 Authorization Bypass via Message MutationsEPSS 0.2%CVE-2025-13679MEDIUMTutor LMS <= 3.9.3 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure via tutor_order_detailsEPSS 0.2%CVE-2026-4764CRITICALPrivilege Escalation in Dialogflow CX via Playbook ImportEPSS 0.2%CVE-2025-54744MEDIUMWordPress MasterStudy LMS plugin <= 3.6.15 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-4063MEDIUMSocial Icons Widget & Block <= 4.5.8 - Missing Authorization to Authenticated (Subscriber+) Sharing Configuration CreationEPSS 0.2%CVE-2025-14065MEDIUMSimple Bike Rental <= 1.0.6 - Missing Authorization to Authenticated (Subscriber+) Sensitive Booking Data ExposureEPSS 0.2%CVE-2026-1148MEDIUMSourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System cross-site request forgeryEPSS 0.2%CVE-2026-39650MEDIUMWordPress UnitechPay plugin <= 1.0.2 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-32736MEDIUMHytale Modding Wiki has Insecure Direct Object Reference / GDPR PII ExposureEPSS 0.2%CVE-2025-59576MEDIUMWordPress MasterStudy LMS Plugin <= 3.6.20 - Broken Access Control VulnerabilityEPSS 0.2%CVE-2026-42337MEDIUMMaxKB: Broken Access Control in MaxKB OSS URL Fetch APIEPSS 0.2%CVE-2026-4127MEDIUMSpeedup Optimization <= 1.5.9 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update via 'speedup01_enabled' AJAX ActionEPSS 0.2%CVE-2025-53571MEDIUMWordPress HAPPY plugin <= 1.0.6 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-44751HIGHMissing Authorization check in Application Server ABAP of SAP NetWeaver and ABAP PlatformEPSS 0.2%CVE-2026-45371HIGHSiYuan: SiYuan publish-mode Reader can mutate Conf and SQL index via 8 ungated APIsEPSS 0.2%CVE-2025-14074MEDIUMPDF for Contact Form 7 + Drag and Drop Template Builder <= 6.3.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post DuplicationEPSS 0.2%CVE-2026-27424MEDIUMWordPress Image Photo Gallery Final Tiles Grid plugin <= 3.6.11 - Broken Access Control vulnerabilityEPSS 0.2%