Fallos del tipo CWE-862

6899 resultados
CVE-2026-39533HIGHWordPress AWP Classifieds plugin <= 4.4.4 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-45436MEDIUMWordPress WPBakery Page Builder plugin <= 8.7.2 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-30107HIGHOn IROAD V9 devices, Managing Settings and Obtaining Sensitive Data and Sabotaging the Car Battery can be performed by unauthorized parties.EPSS 0.3%CVE-2025-68069HIGHWordPress Directorist plugin <= 8.6.6 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-33182HIGHNVIDIA Jetson Linux contains a vulnerability in UEFI, where improper authentication may allow a privileged user to cause corruption of the LEPSS 0.3%CVE-2024-1328MEDIUMNewsletter2Go <= 4.0.14 - Authenticated(Subscriber+) Stored Cross-Site Scripting via styleEPSS 0.3%CVE-2024-54218MEDIUMWordPress AIO Contact plugin <= 2.8.1 - Unauthenticated Plugin Settings Change vulnerabilityEPSS 0.3%CVE-2026-34024HIGHMissing authorization checks in Wertheim SafeController Software allow low-privileged users to access restricted functionsEPSS 0.3%CVE-2023-45765MEDIUMWordPress WP ERP plugin <= 1.12.6 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-26764MEDIUMWordPress Distance Based Shipping Calculator plugin <= 2.0.22 - Settings Change vulnerabilityEPSS 0.3%CVE-2026-2446CRITICALPowerpack for LearnDash < 1.3.0 - Unauthenticated Arbitrary Option UpdateEPSS 0.3%CVE-2023-45110MEDIUMWordPress Bold Timeline Lite plugin <= 1.1.9 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-9860MEDIUMBridge Core <= 3.3 - Missing Authorization to Authenticated (Subscriber+) Demo ImportEPSS 0.3%CVE-2026-42137HIGHKirby: `pages.access/list` and `files.access/list` permissions are not consistently checked in the REST API and changes dialogEPSS 0.3%CVE-2025-11988MEDIUMCrypto Tool <= 2.22 - Missing Authentication to Unauthenticated Limited File DeletionEPSS 0.3%CVE-2025-62037MEDIUMWordPress Togo theme < 1.0.4 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-13541MEDIUMaDirectory – WordPress Directory Listing Plugin <= 2.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post DeletionEPSS 0.3%CVE-2025-61751HIGHVulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (comEPSS 0.3%CVE-2026-0814MEDIUMAdvanced CF7 DB <= 2.0.9 - Missing Authorization to Authenticated (Subscriber+) Form Submissions Excel ExportEPSS 0.3%CVE-2026-23990MEDIUMFlux Operator Web UI Impersonation Bypass via Empty OIDC ClaimsEPSS 0.3%