Fallos del tipo CWE-862

7033 resultados
CVE-2025-53857LOWLack of Authorization on Get Channel Subscriptions for Autocomplete in Mattermost Confluence PluginEPSS 0.2%CVE-2026-10616MEDIUMnextlevelbuilder GoClaw Team Task Completion team_tasks_lifecycle.go TeamTasksTool.executeComplete authorizationEPSS 0.2%CVE-2026-31942HIGHLibreChat has IDOR in API Keys Management that allows any authenticated user to overwrite other users' API keysEPSS 0.2%CVE-2025-62048MEDIUMWordPress SmartCrawl plugin <= 3.14.3 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-25312HIGHWordPress EventPrime plugin <= 4.2.8.3 - Payment Bypass vulnerabilityEPSS 0.2%CVE-2025-54458MEDIUMUnauthorized Subscription Creation to Confluence Space in Mattermost Confluence PluginEPSS 0.2%CVE-2025-54018MEDIUMWordPress CM Pop-Up banners plugin <= 1.8.4 - Broken Access Control VulnerabilityEPSS 0.2%CVE-2025-69012MEDIUMWordPress Event Organiser plugin <= 3.12.8 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-44001MEDIUMUnauthorized Channel Subscription Read in Mattermost Confluence PluginEPSS 0.2%CVE-2025-66058MEDIUMWordPress Post Grid and Gutenberg Blocks plugin <= 2.3.17 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-15511MEDIUMRupantorpay <= 2.0.0 - Missing Authorization to Unauthenticated Order Status ModificationEPSS 0.2%CVE-2025-66100MEDIUMWordPress RestroPress plugin <= 3.2.3.5 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-26655LOWMissing Authorization check in SAP JIT(Outbound)EPSS 0.2%CVE-2025-69363MEDIUMWordPress Responsive Addons for Elementor plugin <= 2.0.8 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-25244MEDIUMMissing Authorization Check in SAP Business Warehouse (Process Chains)EPSS 0.2%CVE-2026-1797MEDIUMTruebooker - Appointment Booking and Scheduler Plugin <= 1.1.4 - Sensitive Information Exposure via Views FilesEPSS 0.2%CVE-2025-68498MEDIUMWordPress JetTabs plugin <= 2.2.12 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-5163MEDIUMMissing authorization check in AI message rewrite endpoint allows access to private thread contentEPSS 0.2%CVE-2026-24309MEDIUMMissing Authorization check in SAP NetWeaver Application Server for ABAPEPSS 0.2%CVE-2026-12238MEDIUMWP Go Maps <= 10.1.01 - Unauthenticated Arbitrary Record CreationEPSS 0.2%