Flaws of type CWE-862
6796 results

CVE-2025-10896 | HIGH | Multiple Plugins <= Multiple Versions - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Upload | EPSS 0.5%
CVE-2025-70141 | CRITICAL | SourceCodester Customer Support System 1.0 contains an incorrect access control vulnerability in ajax.php. The AJAX dispatcher does not enfo | EPSS 0.5%
CVE-2024-36246 | CRITICAL | Missing authorization vulnerability exists in Unifier and Unifier Cast. If this vulnerability is exploited, arbitrary code may be executed w | EPSS 0.5%
CVE-2024-27910 | MEDIUM | A vulnerability was reported in some Lenovo Printers that could allow an unauthenticated attacker to reboot the printer without authenticati | EPSS 0.5%
CVE-2026-4299 | MEDIUM | MainWP Child Reports <= 2.2.6 - Missing Authorization to Authenticated (Subscriber+) Information Disclosure via Heartbeat API | EPSS 0.5%
CVE-2024-44082 | MEDIUM | In OpenStack Ironic before 26.0.1 and ironic-python-agent before 9.13.1, there is a vulnerability in image processing, in which a crafted im | EPSS 0.5%
CVE-2025-30821 | MEDIUM | WordPress SNORDIAN's H5PxAPIkatchu plugin <= 0.4.14 - Broken Access Control vulnerability | EPSS 0.5%
CVE-2021-42851 | MEDIUM | A vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an unauthenticated user to create a standard use | EPSS 0.5%
CVE-2023-49831 | HIGH | WordPress RegistrationMagic plugin <= 5.2.3.0 - Broken Access Control vulnerability | EPSS 0.5%
CVE-2023-32798 | MEDIUM | WordPress Simple Page Ordering plugin <= 2.5.0 - Broken Access Control vulnerability | EPSS 0.5%
CVE-2026-5574 | MEDIUM | Technostrobe HI-LED-WR120-G2 FsBrowseClean deletefile authorization | EPSS 0.5%
CVE-2024-24822 | MEDIUM | Pimcore Admin Classic Bundle permissions are not getting checked when working with tags | EPSS 0.5%
CVE-2026-41352 | HIGH | OpenClaw < 2026.3.31 - Remote Code Execution via Node Scope Gate Bypass | EPSS 0.5%
CVE-2025-24596 | MEDIUM | WordPress WooCommerce Product Table Lite plugin <= 3.8.7 - Broken Access Control vulnerability | EPSS 0.5%
CVE-2023-41802 | MEDIUM | WordPress Super Socializer plugin <= 7.13.54 - Broken Access Control vulnerability | EPSS 0.5%
CVE-2023-29529 | MEDIUM | matrix-js-sdk vulnerable to invisible eavesdropping in group calls | EPSS 0.5%
CVE-2022-4943 | HIGH | miniOrange's Google Authenticator <= 5.6.5 - Missing Authorization to Plugin Settings Change | EPSS 0.5%
CVE-2024-1094 | HIGH | Timetics- AI-powered Appointment Booking with Visual Seat Plan and ultimate Calendar Scheduling Plugin <= 1.0.21 - Missing Authorization to Limited Privilege Escalation | EPSS 0.5%
CVE-2022-45070 | MEDIUM | WordPress Conditional Checkout Fields for WooCommerce plugin <= 1.2.3 - Broken Authentication vulnerability | EPSS 0.5%
CVE-2023-30526 | MEDIUM | A missing permission check in Jenkins Report Portal Plugin 0.5 and earlier allows attackers with Overall/Read permission to connect to an at | EPSS 0.5%