Falhas do tipo CWE-862

7.076 resultados
CVE-2026-8237MEDIUMConcrete CMS 9.5.0 and below is vulnerable to IDOR in the`/ccm/frontend/conversations/message_detail` endpointEPSS 0.2%CVE-2026-24582MEDIUMWordPress FlexTable plugin <= 3.24.0 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-46255HIGHWordPress LoginWP - Pro Plugin <= 4.0.8.5 - Settings Change vulnerabilityEPSS 0.2%CVE-2026-6372HIGHWordPress Accept Cryptocurrencies with Plisio plugin <= 2.0.5 - Payment Bypass vulnerabilityEPSS 0.2%CVE-2025-62970MEDIUMWordPress Link Whisper Free plugin <= 0.9.2 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-3226MEDIUMLearnPress <= 4.3.2.8 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Email Notification TriggeringEPSS 0.2%CVE-2026-2608MEDIUMGutenberg Blocks by Kadence Blocks <= 3.5.32 - Missing AuthorizationEPSS 0.2%CVE-2025-42918MEDIUMMissing Authorization check in SAP NetWeaver Application Server for ABAP (Background Processing)EPSS 0.2%CVE-2026-48973MEDIUMWordPress SVG Support plugin <= 2.5.14 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-27409MEDIUMWordPress Webba Booking plugin <= 6.4.13 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-27055MEDIUMWordPress Penci AI SmartContent Creator plugin <= 2.0 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-8505MEDIUM495300897 wx-shop cross-site request forgeryEPSS 0.2%CVE-2025-42911MEDIUMMissing Authorization check in SAP NetWeaver (Service Data Download)EPSS 0.2%CVE-2024-58101HIGHSamsung Galaxy Buds and Galaxy Buds 2 audio devices are Bluetooth pairable by default without user input nor a way to stop this mode. As a cEPSS 0.2%CVE-2025-69016MEDIUMWordPress Shortcodes and extra features for Phlox theme plugin <= 2.17.15 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-0820MEDIUMRepairBuddy <= 4.1116 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Signature Upload to OrdersEPSS 0.2%CVE-2025-14426MEDIUMStrong Testimonials <= 3.2.18 - Missing Authorization to Authenticated (Contributor+) Rating Meta UpdateEPSS 0.2%CVE-2026-56742MEDIUMCilium: Namespaced HTTPRoutes can redirect traffic to other namespacesEPSS 0.2%CVE-2025-1326MEDIUMHomey - Booking and Rentals WordPress Theme <= 2.4.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Reservation & Post DeletionEPSS 0.2%CVE-2026-58373MEDIUMCVAT < 2.69.0 - Missing Authorization on Quality Reports parent_id Filter Leaks Cross-Organization Report ExistenceEPSS 0.2%