Fallos del tipo CWE-862

7009 resultados
CVE-2025-4105MEDIUMSplitit <= 4.2.8 - Missing Authorization to Multiple Administrative ActionsEPSS 0.2%CVE-2024-13424MEDIUMNi Sales Commission For WooCommerce <= 1.2.4 - Missing Authorization to Authenticated (Subscriber+) Commission UpdateEPSS 0.2%CVE-2026-49822HIGHFission: Cross-namespace event leakage via KubernetesWatchTrigger allows persistent tenant surveillanceEPSS 0.2%CVE-2026-28424MEDIUMStatamic's missing authorization allows access to email addressesEPSS 0.2%CVE-2026-29072HIGHDiscourse missing permission check for policy creation in discourse-policyEPSS 0.2%CVE-2026-43572MEDIUMOpenClaw 2026.4.10 < 2026.4.14 - Missing Sender Authorization in Microsoft Teams SSO Invoke HandlerEPSS 0.2%CVE-2026-27398MEDIUMWordPress RSVP and Event Management plugin <= 2.7.16 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-24592MEDIUMWordPress Auto Affiliate Links plugin <= 6.8.8.3 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-39655MEDIUMWordPress Mayosis Core plugin <= 5.4.7 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-0515MEDIUMBuzz Club – Night Club, DJ and Music Festival Event WordPress Theme <= 2.0.4 - Missing Authorization to Authenticated (Subscriber+) Limited Arbitrary Option UpdateEPSS 0.2%CVE-2026-57949HIGHruoyi-vue-pro - Missing Authorization in CRM Follow-up Record GET EndpointEPSS 0.2%CVE-2026-2720MEDIUMHr Press Lite <= 1.0.2 - Missing Authorization to Authenticated (Subscriber+) Sensitive Employee Information ExposureEPSS 0.2%CVE-2026-25423LOWWordPress Real 3D FlipBook plugin <= 4.19.1 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-49821HIGHFission: Cross-namespace Environment reference in Package allows build-time command execution and SA token exfiltrationEPSS 0.2%CVE-2025-8739MEDIUMzhenfeng13 My-Blog save cross-site request forgeryEPSS 0.2%CVE-2025-58795MEDIUMWordPress Payoneer Checkout Plugin <= 3.4.0 - Content Spoofing VulnerabilityEPSS 0.2%CVE-2026-56668HIGHZITADEL: Unauthorized Token Privilege Escalation in OAuth2 Token ExchangeEPSS 0.2%CVE-2026-1631MEDIUMFeeds for YouTube < 2.6.4 - Subscriber+ License Data DeletionEPSS 0.2%CVE-2026-44734MEDIUMOpenProject: Improper Access Control on OpenProject through the POST request to /projects/[PROJECT_NAME]/cost_reports/[REPORT_ID]/renameEPSS 0.2%CVE-2026-27357MEDIUMWordPress WP Search Analytics plugin < 1.5.0 - Broken Access Control vulnerabilityEPSS 0.2%