Flaws of type CWE-862
6730 results

CVE-2025-24249 | CRITICAL | A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macO | EPSS 0.8%
CVE-2024-10800 | HIGH | WordPress User Extra Fields <= 16.6 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation | EPSS 0.8%
CVE-2026-3596 | CRITICAL | Riaxe Product Customizer <= 2.1.2 - Missing Authorization to Unauthenticated Arbitrary Options Update to Privilege Escalation via 'install-imprint' AJAX Action | EPSS 0.8%
CVE-2024-5820 | HIGH | Unprotected WebSocket in stitionai/devika | EPSS 0.8%
CVE-2023-3244 | MEDIUM | Comments Like Dislike <= 1.2.0 - Missing Authorization to Authenticated (Subscriber+) Plugin Setting Reset | EPSS 0.8%
CVE-2023-47458 | CRITICAL | An issue in SpringBlade v.3.7.0 and before allows a remote attacker to escalate privileges via the lack of permissions control framework. | EPSS 0.8%
CVE-2023-45828 | MEDIUM | WordPress RumbleTalk Live Group Chat plugin <= 6.2.5 - Broken Access Control vulnerability | EPSS 0.8%
CVE-2023-22736 | HIGH | argo-cd Controller reconciles apps outside configured namespaces when sharding is enabled | EPSS 0.8%
CVE-2018-25105 | CRITICAL | File Manager <= 3.0 - Unauthenticated Arbitrary File Upload/Download | EPSS 0.8%
CVE-2023-32520 | HIGH | WordPress WCP Contact Form plugin <= 3.1.0 - Broken Access Control vulnerability | EPSS 0.8%
CVE-2024-12955 | MEDIUM | PHPGurukul Blood Bank & Donor Management System logout.php cross-site request forgery | EPSS 0.8%
CVE-2024-22257 | HIGH | In Spring Security, versions 5.7.x prior to 5.7.12, 5.8.x prior to 5.8.11, versions 6.0.x prior to 6.0.9, versions 6.1.x prior to 6.1.8, v | EPSS 0.8%
CVE-2024-7258 | HIGH | WooCommerce Google Feed Manager <= 2.8.0 - Missing Authorization to Authenticated (Contributor+) Arbitrary File Deletion | EPSS 0.8%
CVE-2022-32768 | MEDIUM | Multiple authentication bypass vulnerabilities exist in the objects id handling functionality of WWBN AVideo 11.6 and dev master commit 3f7c | EPSS 0.8%
CVE-2023-24433 | MEDIUM | Missing permission checks in Jenkins Orka by MacStadium Plugin 1.31 and earlier allow attackers with Overall/Read permission to connect to a | EPSS 0.8%
CVE-2023-24438 | MEDIUM | A missing permission check in Jenkins JIRA Pipeline Steps Plugin 2.0.165.v8846cf59f3db and earlier allows attackers with Overall/Read permis | EPSS 0.8%
CVE-2023-49742 | CRITICAL | WordPress Support Genix plugin <= 1.2.3 - Broken Access Control lead to Arbitrary File Upload vulnerability | EPSS 0.8%
CVE-2023-0402 | MEDIUM | Social Warfare <= 4.3.0 - Missing Authorization | EPSS 0.8%
CVE-2026-39816 | HIGH | Apache NiFi: Missing Execute Code Required Permission on TinkerpopClientService | EPSS 0.8%
CVE-2023-1782 | CRITICAL | Nomad Unauthenticated Client Agent HTTP Request Privilege Escalation | EPSS 0.8%