Fallos del tipo CWE-862

7035 resultados
CVE-2026-2373MEDIUMRoyal Addons for Elementor – Addons and Templates Kit for Elementor <= 1.7.1049 - Missing Authorization to Unauthenticated Custom Post Type Contents ExposureEPSS 0.2%CVE-2025-69024MEDIUMWordPress BizPrint plugin <= 4.6.7 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-12372MEDIUMThe Permalinks Cascade <= 2.2 - Missing Authorization To Authenticated (Subscriber+) Plugin Settings UpdateEPSS 0.2%CVE-2026-39360MEDIUMRustFS has an authorization bypass in multipart UploadPartCopy enables cross-bucket object exfiltrationEPSS 0.2%CVE-2026-0503MEDIUMMissing Authorization check in in SAP ERP Central Component and SAP S/4HANA (SAP EHS Management)EPSS 0.2%CVE-2026-24616MEDIUMWordPress WP Popups plugin <= 2.2.0.5 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-11773MEDIUMCryptocurrency (Token), Launchpad (Presale), ICO & IDO, Airdrop by TokenICO <= 2.4.7 - Missing Authorization to Authenticated (Subscriber+) Contract Address UpdateEPSS 0.2%CVE-2025-67466MEDIUMWordPress Trinity Audio plugin <= 5.23.3 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2022-28789MEDIUMUnprotected activities in Voice Note prior to version 21.3.51.11 allows attackers to record voice without user interaction. The patch adds pEPSS 0.2%CVE-2026-32331MEDIUMWordPress Textmetrics plugin <= 3.6.4 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-67474MEDIUMWordPress ForumWP plugin <= 2.1.4 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2023-45243MEDIUMSensitive information disclosure due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (LinuxEPSS 0.2%CVE-2025-49356MEDIUMWordPress Orders Chat for WooCommerce plugin <= 1.2.0 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-12961MEDIUMDownload Panel <= 1.3.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings ModificationEPSS 0.2%CVE-2026-12105MEDIUMImproper access control in Devolutions Server 2026.2.5, 2026.1.21 allows an authenticated user to access attachments via folder duplicationEPSS 0.2%CVE-2026-24535MEDIUMWordPress Automatic Featured Images from Videos plugin <= 1.2.7 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-8237MEDIUMConcrete CMS 9.5.0 and below is vulnerable to IDOR in the`/ccm/frontend/conversations/message_detail` endpointEPSS 0.2%CVE-2026-55189HIGHRustFS: FTP frontend skips IAM authorization on object readsEPSS 0.2%CVE-2025-68592MEDIUMWordPress WP Adminify plugin <= 4.0.6.1 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-8238MEDIUMConcrete CMS 9.5.0 and below is vulnerable to IDOR in '/ccm/frontend/conversations/message_page' allowing unauthenticated read of any conversation messageEPSS 0.2%