Fallos del tipo CWE-862

6896 resultados
CVE-2025-58075HIGHArbitrary Mattermost Team can be joined by manipulating the SAML RelayStateEPSS 0.3%CVE-2026-56115HIGHBootimus 0.1.70 Broken Access Control via JWTMiddleware Authorization BypassEPSS 0.3%CVE-2025-14657HIGHEventin – Event Manager, Event Booking, Calendar, Tickets and Registration Plugin (AI Powered) <= 4.0.51 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting via 'post_settings'EPSS 0.3%CVE-2025-5483HIGHLC Wizard 1.2.10 - 1.3.0 - Missing Authorization to Unauthenticated Privilege EscalationEPSS 0.3%CVE-2025-15400MEDIUMOpenPix <= 2.13.3 - Subscriber+ Payment Gateway Settings ResetEPSS 0.3%CVE-2024-37249MEDIUMWordPress Advanced Custom Fields Pro plugin < 6.3.2 - Contributor+ Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-15507MEDIUMMagic Import Document Extractor <= 1.0.5 - Missing Authorization to Unauthenticated Plugin License Status ModificationEPSS 0.3%CVE-2026-1938MEDIUMYayMail <= 4.3.2 - Missing Authorization to Authenticated (Shop Manager+) License Key Deletion via '/yaymail-license/v1/license/delete' EndpointEPSS 0.3%CVE-2024-23524MEDIUMWordPress PilotPress plugin <= 2.0.30 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-43008MEDIUMMissing Authorization check in SAP S/4HANA HCM Portugal and SAP ERP HCM PortugalEPSS 0.3%CVE-2026-39593MEDIUMWordPress HAPPY plugin <= 1.0.10 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2020-36852CRITICALCustom Searchable Data Entry System <= 1.7.1 - Unauthenticated Database WipingEPSS 0.3%CVE-2026-23477HIGHRocket.Chat Unauthorized Access to OAuth App DetailsEPSS 0.3%CVE-2024-1217HIGHContact Form builder with drag & drop for WordPress – Kali Forms <= 2.3.41 - Missing Authorization to Arbitrary Plugin DeactivationEPSS 0.3%CVE-2025-31381MEDIUMWordPress Booking Calendar and Notification plugin <= 4.0.3 - Broken Authentication vulnerabilityEPSS 0.3%CVE-2024-12176MEDIUMWordLift – AI powered SEO – Schema <= 3.54.2 - Missing Authorization to Authenticated (Subscriber+) Settings UpdateEPSS 0.3%CVE-2024-45285MEDIUMMultiple vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP PlatformEPSS 0.3%CVE-2025-67972MEDIUMWordPress Zoho ZeptoMail plugin <= 3.2.9 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2023-22699MEDIUMWordPress MainWP Wordfence Extension Plugin <= 4.0.7 - Subscriber+ Arbitrary Plugin Activation VulnerabilityEPSS 0.3%CVE-2025-31525MEDIUMWordPress WP Mobile Bottom Menu plugin <= 1.4.0 - Broken Access Control vulnerabilityEPSS 0.3%