Fallos del tipo CWE-862

7075 resultados
CVE-2026-21716LOWAn incomplete fix for CVE-2024-36137 leaves `FileHandle.chmod()` and `FileHandle.chown()` in the promises API without the required permissioEPSS 0.2%CVE-2026-54029MEDIUMLibreChat: IDOR in Message Deletion — Incomplete Fix for CVE-2024-41703 Leaves deleteMessages() Without User FilterEPSS 0.2%CVE-2026-1745MEDIUMSourceCodester Medical Certificate Generator App cross-site request forgeryEPSS 0.2%CVE-2026-13240MEDIUMParagraphs - Less critical - Access bypass - SA-CONTRIB-2026-060EPSS 0.2%CVE-2023-45242MEDIUMSensitive information disclosure due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (LinuxEPSS 0.2%CVE-2026-48941MEDIUMJoomla Extension - getk2.org - Unauthenticated folder delete in K2 extension for Joomla < 2.26EPSS 0.2%CVE-2026-14800MEDIUMimhamzaazam ecommerceFlask cross-site request forgeryEPSS 0.2%CVE-2026-13239MEDIUMWissKI - Critical - Access bypass - SA-CONTRIB-2026-059EPSS 0.2%CVE-2026-13241MEDIUMParagraphs - Moderately critical - Access bypass - SA-CONTRIB-2026-061EPSS 0.2%CVE-2026-59523MEDIUMWordPress Simply Schedule Appointments plugin <= 1.6.11.11 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-58981MEDIUMWordPress Accessibility Checker by Equalize Digital Plugin <= 1.31.0 - Broken Access Control VulnerabilityEPSS 0.2%CVE-2023-48683HIGHSensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect CEPSS 0.2%CVE-2026-6472MEDIUMPostgreSQL CREATE TYPE does not check multirange schema CREATE privilegeEPSS 0.2%CVE-2026-23688MEDIUMMissing Authorization check in SAP Fiori App (Manage Service Entry Sheets - Lean Services)EPSS 0.2%CVE-2024-31118MEDIUMWordPress SP Project & Document Manager plugin <= 4.70 - Broken Access Control to XSS vulnerabilityEPSS 0.2%CVE-2025-67592MEDIUMWordPress My Calendar plugin <= 3.6.16 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-14370MEDIUMQuote Comments <= 3.0.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings UpdateEPSS 0.2%CVE-2025-15476MEDIUMThe Bucketlister <= 0.1.5 - Missing Authorization to Authenticated (Subscriber+) Bucket List ModificationEPSS 0.2%CVE-2026-27676MEDIUMMissing Authorization check in SAP S/4HANA OData Service (Manage Technical Object Structures)EPSS 0.2%CVE-2026-27673MEDIUMMissing Authorization Check in SAP S/4HANA (Private Cloud and On-Premise)EPSS 0.2%