Fallos del tipo CWE-862

6854 resultados
CVE-2024-2036MEDIUMApplyOnline – Application Form Builder and Manager <= 2.6.2 - Missing Authorization to Sensitive Information ExposureEPSS 0.4%CVE-2025-14947MEDIUMAll-in-One Video Gallery <= 4.6.4 - Missing Authorization to Unauthenticated Bunny Stream Video Creation/DeletionEPSS 0.4%CVE-2025-21527MEDIUMVulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Design Tools SEC). Supported versions that areEPSS 0.4%CVE-2022-41695MEDIUMWordPress Traffic Manager Plugin <= 1.4.5 is vulnerable to Broken Access ControlEPSS 0.4%CVE-2023-39995MEDIUMWordPress Portfolio and Projects plugin <= 1.3.7 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2025-1404MEDIUMSecure Copy Content Protection and Content Locking <= 4.4.7 - Missing Authorization to Unauthenticated User Email Retrieval via ays_sccp_reports_user_search FunctionEPSS 0.4%CVE-2023-2494MEDIUMGo Pricing - WordPress Responsive Pricing Tables <= 3.3.19 - Missing Authorization to Limited Privilege GrantingEPSS 0.4%CVE-2024-34815MEDIUMWordPress Import and export users and customers plugin <= 1.26.5 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2026-8495CRITICALDate iCal - Critical - Information disclosure - SA-CONTRIB-2026-037EPSS 0.4%CVE-2025-11754HIGHCookie Banner, Cookie Consent, Consent Log, Cookie Scanner, Script Blocker (for GDPR, CCPA & ePrivacy) : WP Cookie Consent <= 4.1.2 - Missing Authorization to Sensitive Information ExposureEPSS 0.4%CVE-2024-3626MEDIUMEmail Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce <= 5.7.17 - Missing AuthorizationEPSS 0.4%CVE-2024-22272MEDIUMVMware Cloud Director contains an Improper Privilege Management vulnerability. An authenticated tenant administrator for a given organizEPSS 0.4%CVE-2023-48775MEDIUMWordPress WP CleanFix plugin <= 5.6.2 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2026-28217MEDIUMIDOR in GraphQL userCollection Query Exposes Other Users' Private CollectionsEPSS 0.4%CVE-2023-29173MEDIUMWordPress Product Category Tree plugin <= 2.5 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2024-3237MEDIUMConvertPlug <= 3.5.25 - Missing Authorization to Authenticated (Subscriber+) Limited Arbitrary Options UpdateEPSS 0.4%CVE-2026-26358HIGHDell Unisphere for PowerMax, version(s) 10.2, contain(s) a Missing Authorization vulnerability. A low privileged attacker with remote accessEPSS 0.4%CVE-2025-27008HIGHWordPress Unlimited Timeline < 1.6.1 - Broken Access Control VulnerabilityEPSS 0.4%CVE-2024-8552MEDIUMDownload Monitor <= 5.0.9 - Missing Authorization to Authenticated (Subscriber+) Shop EnableEPSS 0.4%CVE-2024-21630MEDIUMZulip non-admins can invite new users to streams they would not otherwise be able to add existing users toEPSS 0.4%