Fallos del tipo CWE-862

7033 resultados
CVE-2026-48500MEDIUMFilament: Unauthenticated temporary file upload on auth pagesEPSS 0.2%CVE-2025-13679MEDIUMTutor LMS <= 3.9.3 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure via tutor_order_detailsEPSS 0.2%CVE-2026-4063MEDIUMSocial Icons Widget & Block <= 4.5.8 - Missing Authorization to Authenticated (Subscriber+) Sharing Configuration CreationEPSS 0.2%CVE-2025-53571MEDIUMWordPress HAPPY plugin <= 1.0.6 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-54744MEDIUMWordPress MasterStudy LMS plugin <= 3.6.15 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-14065MEDIUMSimple Bike Rental <= 1.0.6 - Missing Authorization to Authenticated (Subscriber+) Sensitive Booking Data ExposureEPSS 0.2%CVE-2026-45371HIGHSiYuan: SiYuan publish-mode Reader can mutate Conf and SQL index via 8 ungated APIsEPSS 0.2%CVE-2026-44751HIGHMissing Authorization check in Application Server ABAP of SAP NetWeaver and ABAP PlatformEPSS 0.2%CVE-2025-14074MEDIUMPDF for Contact Form 7 + Drag and Drop Template Builder <= 6.3.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post DuplicationEPSS 0.2%CVE-2026-4127MEDIUMSpeedup Optimization <= 1.5.9 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update via 'speedup01_enabled' AJAX ActionEPSS 0.2%CVE-2025-5692MEDIUMLead Form Data Collection to CRM <= 3.1 - Missing Authorization to Authenticated (Subscriber+) Many ActionsEPSS 0.2%CVE-2026-50282MEDIUMCraft CMS: Unauthorized Deletion of Destination Folders During Forced MovesEPSS 0.2%CVE-2024-11916HIGHThe Ultimate WordPress Toolkit – WP Extended <= 3.0.11 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site ScriptingEPSS 0.2%CVE-2025-47709MEDIUMEnterprise MFA - TFA for Drupal - Critical - Access bypass - SA-CONTRIB-2025-055EPSS 0.2%CVE-2026-33425MEDIUMDiscourse has inferable private group membership or existence via exclude_groups parameterEPSS 0.2%CVE-2026-1148MEDIUMSourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System cross-site request forgeryEPSS 0.2%CVE-2026-62191HIGHOpenClaw 2026.6.6 < 2026.6.9 Authorization Bypass via Message MutationsEPSS 0.2%CVE-2025-54018MEDIUMWordPress CM Pop-Up banners plugin <= 1.8.4 - Broken Access Control VulnerabilityEPSS 0.2%CVE-2025-14117MEDIUMfit2cloud Halo cross-site request forgeryEPSS 0.2%CVE-2025-62048MEDIUMWordPress SmartCrawl plugin <= 3.14.3 - Broken Access Control vulnerabilityEPSS 0.2%