Fallos del tipo CWE-862

7075 resultados
CVE-2026-33420MEDIUMVaultwarden missing authorization check allows Manager-role users to enumerate all collectionsEPSS 0.2%CVE-2025-62091MEDIUMWordPress Serial Codes Generator and Validator with WooCommerce Support plugin <= 2.8.2 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-48783MEDIUMPostiz has an unauthenticated billing-enforcement bypass via /public/modify-subscriptionEPSS 0.2%CVE-2026-24622MEDIUMWordPress Suggestion Toolkit plugin <= 5.0 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-61958MEDIUMWordPress License Manager for WooCommerce plugin <= 3.0.17 - Arbitrary Content Deletion vulnerabilityEPSS 0.2%CVE-2026-25021MEDIUMWordPress Mizan Demo Importer plugin <= 0.1.3 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-24312MEDIUMMissing authorization check in SAP Business WorkflowEPSS 0.2%CVE-2026-22517MEDIUMWordPress GA4WP: Google Analytics for WordPress plugin <= 2.10.0 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-45210MEDIUMWordPress Broadstreet Ads plugin <= 1.52.2 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-62108MEDIUMWordPress Add Custom Codes plugin <= 4.80 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-66149MEDIUMWordPress UnGrabber plugin <= 3.1.3 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-24944MEDIUMWordPress Subscribe2 plugin <= 10.44 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-62888MEDIUMWordPress WP Attachments plugin <= 5.2 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-2463MEDIUMUnauthorized access to invite ID during team creationEPSS 0.2%CVE-2026-61968MEDIUMWordPress myCred plugin <= 3.1.2 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-10085MEDIUMOrdinary group/direct message member can enable group_constrained and remove all channel participantsEPSS 0.2%CVE-2026-57293MEDIUMAn incorrect permission check in Jenkins Gitee Plugin 1288.v18b_deb_c9069b_ and earlier allows attackers with global Item/Configure permissiEPSS 0.2%CVE-2025-42915MEDIUMMissing Authorization Check in Fiori app (Manage Payment Blocks)EPSS 0.2%CVE-2025-68479HIGHDiscourse subscriptions are susceptible to takeoverEPSS 0.2%CVE-2026-12988MEDIUMWP 2FA < 3.1.1.2 - Account Takeover via 2FA Setup Email BindingEPSS 0.2%