Fallos del tipo CWE-862

6839 resultados
CVE-2025-70147HIGHMissing authentication in /admin/student.php and /admin/teacher.php in ProjectWorlds Online Time Table Generator 1.0 allows remote attackersEPSS 0.4%CVE-2024-11715MEDIUMWP Job Portal <= 2.2.2 - Missing Authorization to Limited Privilege EscalationEPSS 0.4%CVE-2026-25808HIGHHollo DMs get leaked and can be seen on Webfinger BrowserEPSS 0.4%CVE-2023-2078HIGHBuy Me a Coffee – Button and Widget Plugin <= 3.7 - Missing AuthorizationEPSS 0.4%CVE-2026-30823HIGHFlowise: IDOR leading to Account Takeover and Enterprise Feature Bypass via SSO ConfigurationEPSS 0.4%CVE-2022-43431MEDIUMJenkins Compuware Strobe Measurement Plugin 1.0.1 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers wiEPSS 0.4%CVE-2024-34372MEDIUMWordPress Post Grid Master plugin <= 3.4.7 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2024-13231MEDIUMWordPress Portfolio Builder – Portfolio Gallery <= 1.1.7 - Missing Authorization to Unauthenticated Portfolio UpdateEPSS 0.4%CVE-2025-31830MEDIUMWordPress Printus Plugin <= 1.2.6 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2023-48222HIGHAuthenticated users can view or delete jobs they do not have authorization for in RundeckEPSS 0.4%CVE-2023-23814LOWWordPress Calendar Event Multi View plugin <= 1.4.13 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2025-32147HIGHWordPress Easy WP Optimizer Plugin <= 1.1.0 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2025-59461HIGHAPI does not require authenticationEPSS 0.4%CVE-2025-30825HIGHWordPress WPC Smart Linked Products plugin <= 1.3.5 - Privilege Escalation vulnerabilityEPSS 0.4%CVE-2023-6751HIGHHostinger <= 1.9.7 - Missing Authorization to Maintenance Mode ActivationEPSS 0.4%CVE-2022-41242MEDIUMA missing permission check in Jenkins extreme-feedback Plugin 1.7 and earlier allows attackers with Overall/Read permission to discover infoEPSS 0.4%CVE-2023-30522MEDIUMA missing permission check in Jenkins Fogbugz Plugin 2.2.17 and earlier allows attackers with Item/Read permission to trigger builds of jobsEPSS 0.4%CVE-2024-10533MEDIUMWP Chat App <= 3.6.8 - Missing Authorization to Authenticated (Subscriber+) Filebird Plugin InstallationEPSS 0.4%CVE-2023-49755MEDIUMWordPress Elementor Timeline Widget plugin <= 2.2 - Notice Dismissal VulnerabilityEPSS 0.4%CVE-2023-32601MEDIUMWordPress Booking Ultra Pro Appointments Booking Calendar Plugin plugin <= 1.1.12 - Broken Access Control vulnerabilityEPSS 0.4%