Fallos del tipo CWE-862

7062 resultados
CVE-2024-40839LOWThis issue was addressed through improved state management. This issue is fixed in iOS 17.5 and iPadOS 17.5. An attacker with physical accesEPSS 0.2%CVE-2025-46258MEDIUMWordPress Element Pack Pro Plugin < 8.0.0 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2023-20909MEDIUMIn multiple functions of RunningTasks.java, there is a possible privilege escalation due to a missing privilege check. This could lead to loEPSS 0.2%CVE-2026-42753HIGHWordPress WCFM Membership plugin <= 2.11.10 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-47728MEDIUMBugsink: Project scoping missing in sourcemap and debug-file lookupEPSS 0.2%CVE-2026-1254MEDIUMModula Image Gallery – Photo Grid & Video Gallery <= 2.13.6 - Missing Authorization to Authenticated (Contributor+) Arbitrary Post/Page EditingEPSS 0.2%CVE-2026-44794MEDIUMNautobot: REST API permits creation of GenericForeignKey references to objects that the user should not be able to referenceEPSS 0.2%CVE-2024-54020LOWA missing authorization in Fortinet FortiManager versions 7.2.0 through 7.2.1, and versions 7.0.0 through 7.0.7 may allow an authenticated aEPSS 0.2%CVE-2026-3638MEDIUMImproper access control in user and role restore API endpoints in Devolutions Server 2025.3.11.0 and earlier allows a low-privileged authentEPSS 0.2%CVE-2026-24190HIGHNVIDIA Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a user could cause improper access to GEPSS 0.2%CVE-2026-40740MEDIUMWordPress Tutor LMS plugin <= 3.9.7 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2024-8042LOWRapid7 Insight Platform Unauthorized Empty Group CreationEPSS 0.2%CVE-2025-43331MEDIUMA downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in macOS Tahoe 26. An app may be able to acceEPSS 0.2%CVE-2024-14032HIGHTwitch Studio LauncherHelper XPC Missing Authorization to Root File WriteEPSS 0.2%CVE-2022-42479MEDIUMWordPress Soledad premium theme <= 8.2.5 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-33290MEDIUMWPGraphQL Repo's updateComment allows low-privileged authenticated users to change comment moderation status (comment_approved) without moderate_comments permissionEPSS 0.2%CVE-2025-64219MEDIUMWordPress Business Directory plugin <= 6.4.18 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-57921MEDIUMIn JetBrains YouTrack before 2026.2.16593 improper access control allowed reading users' private data via the comment templates endpointEPSS 0.2%CVE-2026-24997MEDIUMWordPress Wired Impact Volunteer Management plugin <= 2.8 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-62747MEDIUMWordPress Featured Image Generator plugin <= 1.3.4 - Broken Access Control vulnerabilityEPSS 0.2%