Fallos del tipo CWE-862
7075 resultadosCVE-2025-59544MEDIUMChamilo: Unauthorized access to update category of any userEPSS 0.2%CVE-2026-34722MEDIUMZammad is missing authorization in ticket create endpointEPSS 0.2%CVE-2026-57925MEDIUMIn JetBrains YouTrack before 2026.2.16593 improper access control allowed reading saved queries and tagsEPSS 0.2%CVE-2022-20504MEDIUMIn multiple locations of DreamManagerService.java, there is a missing permission check. This could lead to local escalation of privilege andEPSS 0.2%CVE-2026-57297MEDIUMA missing permission check in Jenkins Contrast Continuous Application Security Plugin 3.11 and earlier allows attackers with Overall/Read peEPSS 0.2%CVE-2026-32527MEDIUMWordPress WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin <= 1.1.5 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-13859MEDIUMAffiliateX 1.0.0 - 1.3.9.3 - Authenticated (Subscriber+) Missing Authorization to Stored Cross-Site Scripting via save_customization_settingsEPSS 0.2%CVE-2023-41656MEDIUMWordPress Better Elementor Addons plugin <= 1.3.7 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-27351MEDIUMWordPress Crew HRM plugin <= 1.2.2 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-2458MEDIUMUnauthorized channel enumeration in private teams after member removalEPSS 0.2%CVE-2026-25011MEDIUMWordPress WP Custom Admin Interface plugin <= 7.41 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-39592MEDIUMWordPress DEPART plugin <= 1.0.7 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-39614MEDIUMWordPress JW Player for WordPress plugin <= 2.3.6 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2022-20529LOWIn multiple locations of WifiDialogActivity.java, there is a possible limited lockscreen bypass due to a logic error in the code. This couldEPSS 0.2%CVE-2026-32394MEDIUMWordPress PublishPress Capabilities plugin <= 2.31.0 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-39565MEDIUMWordPress WpTravelly plugin <= 2.1.7 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-32388MEDIUMWordPress GLB theme <= 1.2.2 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-39506MEDIUMWordPress AI Engine (Pro) plugin < 3.4.2 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-39348MEDIUMOrangeHRM is Missing Authorization Checks in AbstractFileController Subclasses Expose Job Specification and Vacancy AttachmentsEPSS 0.2%CVE-2025-69361MEDIUMWordPress Post Expirator plugin <= 4.9.3 - Broken Access Control vulnerabilityEPSS 0.2%