Fallos del tipo CWE-862
6730 resultadosCVE-2024-0138CRITICALNVIDIA Base Command Manager contains a missing authentication vulnerability in the CMDaemon component. A successful exploit of this vulnerabEPSS 0.9%CVE-2021-4331HIGHThe Plus Addons for Elementor PRO <= 4.1.9 & The Plus Addons for Elementor <= 2.0.6 - Authenticated (Contributor+) Privilege EscalationEPSS 0.9%CVE-2021-24639—OMGF < 4.5.4 - Subscriber+ Arbitrary File/Folder DeletionEPSS 0.9%CVE-2021-4359MEDIUMFrontend File Manager Plugin <= 18.2 - Unauthenticated Arbitrary Post DeletionEPSS 0.9%CVE-2022-31765HIGHAffected devices do not properly authorize the change password function of the web interface.
This could allow low privileged users to escaEPSS 0.9%CVE-2024-54239CRITICALWordPress Eyewear prescription form plugin <= 4.0.18 - Arbitrary Option Update to Privilege Escalation vulnerabilityEPSS 0.9%CVE-2026-4365CRITICALLearnPress <= 4.3.2.8 - Missing Authorization to Unauthenticated Arbitrary Quiz Answer DeletionEPSS 0.9%CVE-2023-51650HIGHUnauthorized access vulnerability on three interfacesEPSS 0.9%CVE-2020-10701—A missing authorization flaw was found in the libvirt API responsible for changing the QEMU agent response timeout. This flaw allows read-onEPSS 0.9%CVE-2022-41797MEDIUMImproper authorization in handler for custom URL scheme vulnerability in Lemon8 App for Android versions prior to 3.3.5 and Lemon8 App for iEPSS 0.9%CVE-2023-36531MEDIUMWordPress LiquidPoll plugin <= 3.3.68 - Broken Access Control vulnerabilityEPSS 0.9%CVE-2022-41238CRITICALA missing permission check in Jenkins DotCi Plugin 2.40.00 and earlier allows unauthenticated attackers to trigger builds of jobs correspondEPSS 0.9%CVE-2025-55142HIGHMissing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.EPSS 0.9%CVE-2025-55141HIGHMissing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.EPSS 0.9%CVE-2021-21255MEDIUMentities switch IDOREPSS 0.9%CVE-2022-27658—Under certain conditions, SAP Innovation management - version 2.0, allows an attacker to access information which could lead to information EPSS 0.9%CVE-2024-9756MEDIUMOrder Attachments for WooCommerce 2.0 - 2.4.1 - Missing Authorization to Authenticated (Subscriber+) Limited Arbitrary File UploadEPSS 0.9%CVE-2024-8480HIGHImage Optimizer, Resizer and CDN – Sirv <= 7.2.7 - Missing Authorization to Authenticated (Contributor+) Arbitrary File UploadEPSS 0.9%CVE-2025-30448CRITICALThis issue was addressed with additional entitlement checks. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 1EPSS 0.9%CVE-2020-36697HIGHWP GDPR <= 2.1.1 - Missing Authorization ChecksEPSS 0.9%