Fallos del tipo CWE-862

6901 resultados
CVE-2026-2446CRITICALPowerpack for LearnDash < 1.3.0 - Unauthenticated Arbitrary Option UpdateEPSS 0.3%CVE-2025-62037MEDIUMWordPress Togo theme < 1.0.4 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-0814MEDIUMAdvanced CF7 DB <= 2.0.9 - Missing Authorization to Authenticated (Subscriber+) Form Submissions Excel ExportEPSS 0.3%CVE-2024-13801HIGHBWL Advanced FAQ Manager <= 2.1.4 - Missing Authorization to Authenticated (Subscriber+) Limited Arbitrary Options UpdateEPSS 0.3%CVE-2025-11988MEDIUMCrypto Tool <= 2.22 - Missing Authentication to Unauthenticated Limited File DeletionEPSS 0.3%CVE-2025-24662MEDIUMWordPress LearnDash LMS Plugin <= 4.20.0.1 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-42137HIGHKirby: `pages.access/list` and `files.access/list` permissions are not consistently checked in the REST API and changes dialogEPSS 0.3%CVE-2026-27457MEDIUMWeblate: Missing access control for the AddonViewSet API exposes all addon configurationsEPSS 0.3%CVE-2025-14364HIGHDemo Importer Plus <= 2.0.8 - Missing Authorization to Authenticated (Subscriber+) Site Reset and Privilege EscalationEPSS 0.3%CVE-2026-27071CRITICALWordPress WPCafe plugin <= 3.0.7 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-53345HIGHWordPress Thim Core plugin <= 2.3.3 - Arbitrary Plugin Installation vulnerabilityEPSS 0.3%CVE-2026-3570MEDIUMSmarter Analytics <= 2.0 - Missing Authorization to Unauthenticated Plugin Settings Reset via 'reset' ParameterEPSS 0.3%CVE-2026-22485MEDIUMWordPress My Album Gallery plugin <= 1.0.4 - Arbitrary File Deletion vulnerabilityEPSS 0.3%CVE-2025-24461MEDIUMIn JetBrains TeamCity before 2024.12.1 decryption of connection secrets without proper permissions was possible via Test Connection endpointEPSS 0.3%CVE-2026-56341HIGHAVideo - Unauthenticated Access to Payment Log DataTables Endpoints via list.json.phpEPSS 0.3%CVE-2025-26374MEDIUMA CWE-862 "Missing Authorization" in maxprofile/users/routes.lua (users endpoint) in Q-Free MaxTime less than or equal to version 2.11.0 allEPSS 0.3%CVE-2026-39910CRITICALSTACKIT IaaS API Privilege Escalation via Service Account AttachmentEPSS 0.3%CVE-2025-11369MEDIUMEssential Blocks <= 5.7.2 - Missing Authorization To Authenticated (Author+) Information DisclosureEPSS 0.3%CVE-2025-11726MEDIUMBeaver Builder – WordPress Page Builder <= 2.9.4 - Missing Authorization to Authenticated (Contributor+) Global Preset ModificationEPSS 0.3%CVE-2026-2826MEDIUMKadence Blocks — Page Builder Toolkit for Gutenberg Editor <= 3.6.3 - Missing Authorization to Authenticated (Contributor+) Media UploadEPSS 0.3%