Fallos del tipo CWE-862

7050 resultados
CVE-2026-39680MEDIUMWordPress Diet Calorie Calculator plugin <= 1.1.1 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-39662MEDIUMWordPress Product Price by Formula for WooCommerce plugin <= 2.5.6 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-14103MEDIUMMissing Authorization in GitLabEPSS 0.2%CVE-2026-39561MEDIUMWordPress Revive.so plugin <= 2.0.7 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-39657MEDIUMWordPress leadlovers forms plugin <= 1.0.2 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-27484LOWOpenClaw Discord moderation authorization used untrusted sender identity in tool-driven flowsEPSS 0.2%CVE-2025-42960MEDIUMMissing Authorization Check in SAP Business Warehouse and SAP BW/4HANA BEx ToolsEPSS 0.2%CVE-2026-32410MEDIUMWordPress WBW Currency Switcher for WooCommerce plugin <= 2.2.5 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-27954MEDIUMLiveHelperChat has department-level authorization bypass in holdaction, blockuser, and transferchat endpointsEPSS 0.2%CVE-2025-14064MEDIUMBuddyTask <= 1.3.0 - Missing Authorization to Authenticated (Subscriber+) Cross-Group Task Board Access and ManipulationEPSS 0.2%CVE-2026-39624MEDIUMWordPress Biolife theme <= 3.2.3 - Arbitrary Shortcode Execution vulnerabilityEPSS 0.2%CVE-2026-39535MEDIUMWordPress Display Eventbrite Events plugin <= 6.5.6 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-40132MEDIUMMissing Authorization Check in SAP Strategic Enterprise Management (BSP application Balanced Scorecard Wizard)EPSS 0.2%CVE-2026-57645HIGHWordPress Newsletters plugin <= 4.13 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-7782HIGHWP JobHunt <= 7.7 - Missing Authorization to Authenticated (Candidate+) Stored Cross-Site Scripting via 'status'EPSS 0.2%CVE-2026-28071MEDIUMWordPress pixfort Core plugin <= 3.2.22 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-68577MEDIUMWordPress Virusdie plugin <= 1.1.6 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-54027MEDIUMLibreChat: Image Upload Route Bypasses Agent Permission Check — Incomplete Fix for File Upload AuthorizationEPSS 0.2%CVE-2025-64520MEDIUMGLPI vulnerable to unauthorized access to restricted Knowledge Base items through the APIEPSS 0.2%CVE-2025-9549MEDIUMFacets - Moderately critical - Information Disclosure - SA-CONTRIB-2025-099EPSS 0.2%