Fallos del tipo CWE-862
6854 resultadosCVE-2026-33353HIGHSoft Serve: Authenticated repo import can clone server-local private repositoriesEPSS 0.4%CVE-2024-34768MEDIUMWordPress Fastly plugin <= 1.2.25 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2024-48902MEDIUMIn JetBrains YouTrack before 2024.3.46677 improper access control allowed users with project update permission to delete applications via APEPSS 0.4%CVE-2025-26846CRITICALAn issue was discovered in Znuny before 7.1.4. Permissions are not checked properly when using the Generic Interface to update ticket metadaEPSS 0.4%CVE-2025-31685CRITICALOpen Social - Moderately critical - Access bypass - SA-CONTRIB-2025-014EPSS 0.4%CVE-2026-24376MEDIUMWordPress WPVulnerability plugin <= 4.2.1 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2024-32731MEDIUMMissing Authorization check in SAP My Travel RequestsEPSS 0.4%CVE-2024-33929MEDIUMWordPress Directorist plugin <= 7.8.6 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2025-12641MEDIUMAwesome Support – WordPress HelpDesk & Support Plugin <= 6.3.6 - Missing Authorization to Unauthenticated Role DemotionEPSS 0.4%CVE-2026-27046MEDIUMWordPress StoreCustomizer plugin <= 2.6.3 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2024-13316MEDIUMScratch & Win – Giveaways and Contests <= 2.8.0 - Missing Authorization to Unauthenticated Coupon CreationEPSS 0.4%CVE-2026-24987MEDIUMWordPress WP System Log plugin <= 1.2.7 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2026-33316HIGHVikunja’s Improper Access Control Enables Bypass of Administrator-Imposed Account DisablementEPSS 0.4%CVE-2025-31909HIGHWordPress Apptivo Business Site CRM plugin <= 5.3 - Arbitrary Content Deletion vulnerabilityEPSS 0.4%CVE-2026-33866MEDIUMAuthorization Bypass in MLflow AJAX EndpointEPSS 0.4%CVE-2024-38727MEDIUMWordPress Seraphinite Post .DOCX Source plugin <= 2.16.9 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2023-47841MEDIUMWordPress Analytify plugin <= 5.1.1 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2024-3893MEDIUMClassified Listing – Classified ads & Business Directory Plugin <= 3.0.10.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Attachment DeletionEPSS 0.4%CVE-2024-38714MEDIUMWordPress WP Fast Total Search <= 1.68.232 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2025-42952HIGHMissing Authorization check in SAP Business Warehouse and SAP Plug-In BasisEPSS 0.4%