Fallos del tipo CWE-862
7076 resultadosCVE-2026-0998MEDIUMMattermost Zoom Plugin allows unauthorized meeting creation and post modification via insufficient API access controlsEPSS 0.2%CVE-2026-45147MEDIUMSiYuan: Broken access control in SiYuan `/api/tag/getTag` — Reader role can mutate `Conf.Tag.Sort` and persist to diskEPSS 0.2%CVE-2026-25020MEDIUMWordPress WP Sync for Notion plugin <= 1.7.0 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-69346MEDIUMWordPress AffiliateX plugin <= 1.3.9.3 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-69344MEDIUMWordPress Oneline Lite theme <= 6.6 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-69345MEDIUMWordPress Post and Page Builder by BoldGrid plugin <= 1.27.9 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2022-2985HIGHIn music service, there is a missing permission check. This could lead to elevation of privilege in contacts service with no additional execEPSS 0.2%CVE-2026-9246MEDIUMImproper access control in the entry documentation and attachment features in Devolutions Server allows an authenticated user with vault reaEPSS 0.2%CVE-2026-9820LOWMattermost schemes teams endpoint exposes private team invite IDsEPSS 0.2%CVE-2025-53346MEDIUMWordPress Thim Core Plugin <= 2.3.3 - Broken Access Control VulnerabilityEPSS 0.2%CVE-2026-24627MEDIUMWordPress Trusona for WordPress plugin <= 2.0.0 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-27056MEDIUMWordPress iThemes Sync plugin <= 3.2.8 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-24996MEDIUMWordPress WPElemento Importer plugin <= 0.6.4 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-49052MEDIUMWordPress ElementsKit Elementor addons Lite plugin <= 3.9.6 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-69331MEDIUMWordPress Theater for WordPress plugin <= 0.19 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-26207MEDIUMDIscourse's discourse-policy plugin lacks post access checkEPSS 0.2%CVE-2022-20556LOWIn launchConfigNewNetworkFragment of NetworkProviderSettings.java, there is a possible way for the guest user to add a new WiFi network due EPSS 0.2%CVE-2023-1705HIGHMissing Authorization vulnerability in Forcepoint F|One SmartEdge Agent on Windows (bgAutoinstaller service modules) allows Privilege EscalaEPSS 0.1%CVE-2026-11719HIGHAn authenticated authorization bypass vulnerability exists in MCP Toolbox for Databases due to missing scope enforcement across older protocEPSS 0.1%CVE-2025-62144MEDIUMWordPress Core Web Vitals & PageSpeed Booster plugin <= 1.0.28 - Broken Access Control vulnerabilityEPSS 0.1%