Vulnerabilities of type CWE-862

6783 results
| CVE | Severity | Title | EPSS |
|---|---|---|---|
| CVE-2024-11848 | HIGH | NitroPack <= 1.17.0 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update | 0.6% |
| CVE-2022-31167 | HIGH | XWiki Platform Security Parent POM vulnerable to overwriting of security rules of a page with a final page having the same reference | 0.6% |
| CVE-2025-49747 | CRITICAL | Azure Machine Learning Elevation of Privilege Vulnerability | 0.6% |
| CVE-2024-44265 | HIGH | The issue was addressed by restricting options offered on a locked device. This issue is fixed in macOS Sequoia 15.1, macOS Sonoma 14.7.1, m | 0.6% |
| CVE-2023-2299 | MEDIUM | Online Booking & Scheduling Calendar for WordPress by vcita <= 4.4.2 - Missing Authorization on REST-API | 0.6% |
| CVE-2023-23834 | MEDIUM | WordPress Spectra – WordPress Gutenberg Blocks plugin <= 2.3.0 - Broken Access Control + CSRF on Activate_Plugin vulnerability | 0.6% |
| CVE-2023-4645 | MEDIUM | Ad Inserter <= 2.7.30 - Unauthenticated Sensitive Information Exposure via ai_ajax | 0.6% |
| CVE-2023-25966 | MEDIUM | WordPress FileBird plugin <= 5.1.4 - Broken Access Control vulnerability | 0.6% |
| CVE-2023-23975 | MEDIUM | WordPress Quick Event Manager plugin <= 9.7.4 - Broken Access Control vulnerability | 0.6% |
| CVE-2023-2351 | MEDIUM | WP Directory Kit <= 1.2.3 - Missing Authorization to Plugin Settings Change/Delete, Demo Import, Directory Kit Deletion via wdk_admin_action | 0.6% |
| CVE-2024-56066 | CRITICAL | WordPress Agency Toolkit plugin <= 1.0.23 - Privilege Escalation vulnerability | 0.6% |
| CVE-2021-25084 | | Advanced Cron Manager - Subscriber+ Arbitrary Events/Schedules Creation/Deletion | 0.6% |
| CVE-2023-25768 | MEDIUM | A missing permission check in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers with Overall/Read permission t | 0.6% |
| CVE-2022-0179 | MEDIUM | Missing Authorization in snipe/snipe-it | 0.6% |
| CVE-2022-45840 | MEDIUM | WordPress Auto Affiliate Links plugin <= 6.2.1.5 - Unauth. Broken Access Control vulnerability | 0.6% |
| CVE-2021-4366 | MEDIUM | PWA for WP & AMP <= 1.7.32 - Missing Authorization | 0.6% |
| CVE-2022-46796 | MEDIUM | WordPress CURCY plugin <= 2.1.25 - Unauthenticated plugin settings change vulnerability | 0.6% |
| CVE-2023-41870 | MEDIUM | WordPress WP Crowdfunding plugin <= 2.1.5 - Broken Access Control vulnerability | 0.6% |
| CVE-2025-23512 | HIGH | WordPress Team 118GROUP Agent plugin <= 1.6.0 - Arbitrary Content Deletion vulnerability | 0.6% |
| CVE-2023-48245 | MEDIUM | The vulnerability allows an unauthenticated remote attacker to upload arbitrary files under the context of the application OS user (“root”) | 0.6% |