Fallos del tipo CWE-862

7006 resultados
CVE-2026-11607HIGHTYPO3 CMS - Broken Access Control in Form FrameworkEPSS 0.2%CVE-2024-12204MEDIUMCoupon X: Discount Pop Up, Promo Code Pop Ups, Announcement Pop Up, WooCommerce Popups <= 1.3.5 - Missing AuthorizationEPSS 0.2%CVE-2026-28193HIGHIn JetBrains YouTrack before 2025.3.121962 apps were able to send requests to the app permissions endpointEPSS 0.2%CVE-2025-0954MEDIUMWP Online Contract <= 5.1.4 - Missing Authorization to Unauthenticated Settings ImportEPSS 0.2%CVE-2025-62017MEDIUMWordPress Kallyas theme <= 4.22.0 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-45442MEDIUMWordPress Presto Player plugin <= 4.1.3 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-69298HIGHWordPress Gauge theme <= 6.56.4 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2024-55070LOWA Broken Object Level Authorization vulnerability in the component /households/permissions of hay-kot mealie v2.2.0 allows group managers toEPSS 0.2%CVE-2025-58210MEDIUMWordPress Makeaholic Theme <= 1.8.5 - Broken Access Control VulnerabilityEPSS 0.2%CVE-2025-10732MEDIUMSureForms – Drag and Drop Form Builder for WordPress <= 1.12.1 - Missing Authorization to Authenticated (Contributor+) Information DisclosureEPSS 0.2%CVE-2025-4047MEDIUMBroken Link Checker <= 2.4.4 - Missing Autorization to Authenticated (Subscriber+) Plugin Status Dashboard ViewEPSS 0.2%CVE-2025-67548MEDIUMWordPress WP Delicious plugin <= 1.9.1 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2024-13335MEDIUMSastra Essential Addons for Elementor – Free Elementor Addons, Widgets and Templates <= 1.0.14 - Missing Authorization to Spexo Theme InstallEPSS 0.2%CVE-2025-68850HIGHWordPress Sell Downloads plugin <= 1.1.12 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2024-44156HIGHA path deletion vulnerability was addressed by preventing vulnerable code from running with privileges. This issue is fixed in macOS SequoiaEPSS 0.2%CVE-2026-42174MEDIUMKirby: User avatar creation, replacement and deletion are not gated by user update permissionsEPSS 0.2%CVE-2025-12356MEDIUMTickera – WordPress Event Ticketing <= 3.5.6.4 - Missing Authorization to Authenticated (Subscriber+) Event/Post Status UpdateEPSS 0.2%CVE-2025-68036HIGHWordPress CubeWP plugin <= 1.1.27 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-55038HIGHAutomationDirect CLICK PLUS Missing AuthorizationEPSS 0.2%CVE-2025-4202MEDIUMMulticollab: Content Team Collaboration and Editorial Workflow <= 5.2 - Missing Authorization to Authenticated (Subscriber+) Collaboration CommentEPSS 0.2%