Falhas do tipo CWE-862

6.873 resultados
CVE-2022-2276WP Edit Menu < 1.5.0 - Unauthenticated Arbitrary Post DeletionEPSS 0.3%CVE-2026-40480HIGHChurchCRM has Missing Object-Level Authorization / IDOR in `/api/person/{personId}`EPSS 0.3%CVE-2026-44482CRITICALsoundcloud-rpc: Remote Code Execution via XSS in Track TitleEPSS 0.3%CVE-2024-45760MEDIUMDell OpenManage Server Administrator, versions 11.0.1.0 and prior, contains an improper access control vulnerability. A remote low privilegeEPSS 0.3%CVE-2026-5200HIGHAcyMailing <= 10.8.2 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation via 'acymailing_router'EPSS 0.3%CVE-2024-35659MEDIUMWordPress KiviCare plugin <= 3.6.6 - Insecure Direct Object References (IDOR) vulnerabilityEPSS 0.3%CVE-2024-50454MEDIUMWordPress SEOPress plugin <= 8.1.1 - Unauthenticated Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-21743MEDIUMA missing authorization vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.6, FortiAuthenticator 6.5 all versions, FortiAuthentiEPSS 0.3%CVE-2026-1942MEDIUMBlog2Social: Social Media Auto Post & Scheduler <= 8.7.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post ModificationEPSS 0.3%CVE-2024-31274MEDIUMWordPress EmbedPress plugin <= 3.9.11 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-31246MEDIUMWordPress PostX plugin <= 3.2.3 - Author+ Post/Page Duplication vulnerabilityEPSS 0.3%CVE-2024-56270MEDIUMWordPress WP SecureSubmit plugin <= 1.5.20 - Sensitive Data Exposure vulnerabilityEPSS 0.3%CVE-2023-3999MEDIUMWaiting: One-click countdowns <= 0.6.2 - Missing AuthorizationEPSS 0.3%CVE-2025-26733HIGHWordPress Traveler theme < 3.2.1 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-24583MEDIUMWordPress 12 Step Meeting List plugin <= 3.16.5 - Settings Change vulnerabilityEPSS 0.3%CVE-2025-65021CRITICALRallly Has Unauthorized Poll Finalization via Insecure Direct Object Reference (IDOR)EPSS 0.3%CVE-2026-31245MEDIUMThe mem0 1.0.0 server lacks authentication and authorization controls for its memory creation API endpoint (POST /memories). The endpoint alEPSS 0.3%CVE-2025-30881MEDIUMWordPress Big Store theme <= 2.0.8 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-22296MEDIUMWordPress 12 Step Meeting List plugin <= 3.14.28 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-39536HIGHWordPress JobHunt Job Alerts <= 3.6 - Arbitrary Content Deletion VulnerabilityEPSS 0.3%