Fallos del tipo CWE-862
6816 resultadosCVE-2026-4281MEDIUMFormLift for Infusionsoft Web Forms <= 7.5.21 - Missing Authorization to Unauthenticated Infusionsoft Connection Hijack via OAuth Connection FlowEPSS 0.5%CVE-2025-22611CRITICALCoolify vulnerable to Privilege Escalation resulting in Remote Command Execution (RCE)EPSS 0.5%CVE-2026-41349HIGHOpenClaw < 2026.3.28 - Agentic Consent Bypass via config.patchEPSS 0.5%CVE-2023-35777MEDIUMWordPress The Events Calendar plugin <= 6.1.2.2 - Broken Access Control vulnerabilityEPSS 0.5%CVE-2026-35561CRITICALInsufficient authentication security controls in browser-based authentication components in Amazon Athena ODBC driverEPSS 0.5%CVE-2023-40376MEDIUMIBM UrbanCode Deploy (UCD) improper authentication controlsEPSS 0.5%CVE-2024-31273MEDIUMWordPress JS Help Desk plugin <= 2.8.3 - Broken Access Control vulnerabilityEPSS 0.5%CVE-2026-33318HIGHActual has Privilege Escalation via 'change-password' Endpoint on OpenID-Migrated ServersEPSS 0.5%CVE-2024-47790HIGHMissing Authorization VulnerabilityEPSS 0.5%CVE-2024-38745MEDIUMWordPress Wholesale Suite plugin <= 2.1.12 - Broken Access Control vulnerabilityEPSS 0.5%CVE-2024-31275HIGHWordPress EventPrime plugin <= 3.3.4 - Booking Price Manipulation vulnerabilityEPSS 0.5%CVE-2023-38475MEDIUMWordPress Donations Made Easy – Smart Donations plugin <= 4.0.12 - Broken Access Control vulnerabilityEPSS 0.5%CVE-2024-43323MEDIUMWordPress ReviewX plugin <= 1.6.28 - Broken Access Control vulnerabilityEPSS 0.5%CVE-2023-51500HIGHWordPress Uncode Core plugin <= 2.8.8 - Arbitrary File Deletion vulnerabilityEPSS 0.5%CVE-2023-6696HIGHPopup Builder – Create highly converting, mobile friendly marketing popups <= 4.3.1 - Missing Authorization and Nonce ExposureEPSS 0.5%CVE-2025-30866MEDIUMWordPress Terms & Conditions Per Product plugin <= 1.2.15 - Broken Access Control VulnerabilityEPSS 0.5%CVE-2024-1122MEDIUMEvent Manager, Events Calendar, Events Tickets for WooCommerce – Eventin <= 3.3.50 - Missing Authorization to Unauthenticated Events ExportEPSS 0.5%CVE-2024-44069HIGHPi-hole before 6 allows unauthenticated admin/api.php?setTempUnit= calls to change the temperature units of the web dashboard. NOTE: the supEPSS 0.5%CVE-2024-3761CRITICALMissing Authorization on Delete Datasets in lunary-ai/lunaryEPSS 0.5%CVE-2025-54378HIGHHAX CMS Backend Lacks Comprehensive Authorization ChecksEPSS 0.5%