Falhas do tipo CWE-862

7.077 resultados
CVE-2026-24636MEDIUMWordPress Sugar Calendar (Lite) plugin <= 3.9.1 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-48268MEDIUMWordPress Bot for Telegram on WooCommerce plugin <= 1.2.6 - Broken Access Control VulnerabilityEPSS 0.2%CVE-2026-54012HIGHOpen WebUI: Forged model meta.knowledge allows cross-user file read and deletionEPSS 0.2%CVE-2025-62115MEDIUMWordPress Hide Plugins plugin <= 1.0.4 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-64375MEDIUMWordPress WP Social Ninja plugin <= 3.20.1 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-3624MEDIUMMissing Authorization Vulnerability in Hitachi Ops Center AnalyzerEPSS 0.2%CVE-2025-64358MEDIUMWordPress Smart Coupons for WooCommerce plugin <= 2.2.3 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-33423LOWDiscourse staff can modify any user's group notification levelEPSS 0.2%CVE-2025-39454MEDIUMWordPress Name Directory plugin <= 1.30.0 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-12519MEDIUMInformation disclosure on Administration parameters API endpointEPSS 0.2%CVE-2026-40134MEDIUMMissing Authorization Check in SAP Incentive and Commission ManagementEPSS 0.2%CVE-2025-47692MEDIUMWordPress ContentStudio plugin <= 1.3.5 - Broken Access Control VulnerabilityEPSS 0.2%CVE-2026-24326MEDIUMMissing authorization check in SAP S/4HANA Defense & Security (Disconnected Operations)EPSS 0.2%CVE-2025-64296MEDIUMWordPress Facebook for WooCommerce plugin <= 3.5.7 - Broken Access Control to Notice Dismissal vulnerabilityEPSS 0.2%CVE-2025-62099MEDIUMWordPress Signature Add-On for Gravity Forms plugin <= 1.8.6 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-39376MEDIUMWordPress Car Park Booking System for WordPress plugin <= 2.6 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-48128MEDIUMWordPress Sharespine Woocommerce Connector plugin <= 4.7.55 - Broken Access Control VulnerabilityEPSS 0.2%CVE-2025-14427MEDIUMShield Security: Blocks Bots, Protects Users, and Prevents Security Breaches <= 21.0.9 - Missing Authorization to Authenticated (Subscriber+) Email MFA UpdateEPSS 0.2%CVE-2025-28103MEDIUMIncorrect access control in laskBlog v2.6.1 allows attackers to arbitrarily delete user accounts via a crafted request.EPSS 0.2%CVE-2026-8407MEDIUMMissing authorization in the PAM module in Devolutions Server allows an authenticated user with a PAM license but no additional permissions EPSS 0.2%