Fallos del tipo CWE-862

6960 resultados
CVE-2025-14782MEDIUMForminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.49.1 - Missing Authorization to Authenticated (Forminator User+) CSV ExportEPSS 0.3%CVE-2024-44113MEDIUMInformation Disclosure vulnerability in the SAP Business Warehouse (BEx Analyzer)EPSS 0.3%CVE-2025-54711HIGHWordPress Info Cards Plugin <= 1.0.11 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2024-13243MEDIUMEntity Delete Log - Moderately critical - Access bypass - SA-CONTRIB-2024-007EPSS 0.3%CVE-2026-4683MEDIUMSmartcat Translator for WPML <= 3.1.77 - Missing Authorization to Unauthenticated Plugin Settings UpdateEPSS 0.3%CVE-2026-22343HIGHWordPress WordPress Dating Theme theme <= 11.2.0 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-0068MEDIUMMissing Authorization check in Remote Function Call (RFC) in SAP NetWeaver Application Server ABAPEPSS 0.3%CVE-2026-47120HIGHNezha Monitoring: RoleMember can fire other users' cron tasks via AlertRule.FailTriggerTasks (no ownership check)EPSS 0.3%CVE-2025-69063HIGHWordPress New User Approve plugin <= 3.2.0 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-31921HIGHWordPress Product Rearrange for WooCommerce plugin <= 1.2.2 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2023-51680MEDIUMWordPress Quotes for WooCommerce plugin <= 2.0.1 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-11701MEDIUMZip Attachments <= 1.6 - Missing Authorization to Unauthenticated Private And Password-Protected Posts Attachment DisclosureEPSS 0.3%CVE-2025-13528MEDIUMFeedback Modal for Website <= 1.0.1 - Missing Authorization to Unauthenticated Arbitrary Feedback Data Exfiltration via 'export_data' ParameterEPSS 0.3%CVE-2026-1640MEDIUMTaskbuilder <= 5.0.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Project/Task Comment CreationEPSS 0.3%CVE-2026-1930MEDIUMEmailchef <= 3.5.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings DeletionEPSS 0.3%CVE-2025-27437MEDIUMMissing Authorization check in SAP NetWeaver Application Server ABAP (Virus Scan Interface)EPSS 0.3%CVE-2025-14078MEDIUMPAYGENT for WooCommerce <= 2.4.6 - Missing Authorization to Unauthenticated Payment Callback ManipulationEPSS 0.3%CVE-2026-56423CRITICALMISP Core: Broken access control allows instance-wide unauthorized deletion of event reports and sharing groups via bulk deletion endpointsEPSS 0.3%CVE-2026-28070MEDIUMWordPress WP eMember plugin <= v10.2.2 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-32126HIGHOpenEMR: Inverted ACL Condition in CDR ControllerRouter Allows Any Authenticated User to Modify/Delete Clinical Rules and PlansEPSS 0.3%