Falhas do tipo CWE-862

6.883 resultados
CVE-2024-13655HIGHFlex Mag - Responsive WordPress News Theme <= 3.5.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Option DeletionEPSS 0.3%CVE-2025-30897MEDIUMWordPress Analytify plugin <= 5.5.1 - Settings Change vulnerabilityEPSS 0.3%CVE-2024-37415MEDIUMWordPress E2Pdf plugin <= 1.20.27 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-27361HIGHWordPress Responsive Posts Carousel Pro plugin <= 15.1 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-3555HIGHSocial Link Pages: link-in-bio landing pages for your social media profiles <= 1.6.9 - Missing Authorization to Arbitrary Page Creation and Cross-Site ScriptingEPSS 0.3%CVE-2025-13063MEDIUMDinukaNavaratna Dee Store authorizationEPSS 0.3%CVE-2024-5126HIGHImproper Access Control in lunary-ai/lunaryEPSS 0.3%CVE-2026-9230MEDIUMQuiz and Survey Master (QSM) <= 11.1.4 - Missing Authorization to Authenticated (Contributor+) Arbitrary Quiz Modification and Email Reroute via Leaked Nonce from /quiz/structureEPSS 0.3%CVE-2024-10520MEDIUMWP Project Manager <= 2.6.14 - Missing Authorization to Project Milestone and Task Creation/DeletionEPSS 0.3%CVE-2026-3488MEDIUMWP Statistics <= 14.16.4 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure and Privacy Audit ManipulationEPSS 0.3%CVE-2024-32824MEDIUMWordPress Evergreen Content Poster plugin <= 1.4.2 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-25742MEDIUMZulip: Anonymous File Access After Disabling Spectator AccessEPSS 0.3%CVE-2026-33304MEDIUMOpenEMR has Authorization Bypass in Dated Reminders LogEPSS 0.3%CVE-2025-43004MEDIUMSecurity Misconfiguration Vulnerability in SAP Digital Manufacturing (Production Operator Dashboard)EPSS 0.3%CVE-2025-49348MEDIUMWordPress Hype plugin <= 1.0.5 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-28920MEDIUMWordPress Responsive Google Map plugin <= 3.1.5 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2023-28492MEDIUMWordPress Calendar Event Multi View plugin <= 1.4.10 - Missing Authorization Leading To Feedback Submission vulnerabilityEPSS 0.3%CVE-2026-44326CRITICALfree5GC: NEF 3gpp-traffic-influence API is unauthenticated; missing or forged bearer tokens can create, read, patch, and delete subscriptionsEPSS 0.3%CVE-2025-26961HIGHWordPress Fresh Framework plugin <= 1.70.0 - Unauthenticated Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-24364MEDIUMWordPress WP User Frontend plugin <= 4.2.5 - Broken Access Control vulnerabilityEPSS 0.3%