Falhas do tipo CWE-862
6.958 resultadosCVE-2026-24604MEDIUMWordPress Simple GDPR Cookie Compliance plugin <= 2.0.0 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-49956HIGHHermes WebUI < 0.51.269 Profile Isolation Bypass via sessions searchEPSS 0.3%CVE-2026-57946MEDIUMInvidious - Private Playlist Disclosure via Unauthenticated RSS Feed EndpointEPSS 0.3%CVE-2025-11228MEDIUMGiveWP – Donation Plugin and Fundraising Platform <= 4.10.0 - Missing Authorization to Unauthenticated Forms-Campaign AssociationEPSS 0.3%CVE-2024-13526MEDIUMEventPrime – Events Calendar, Bookings and Tickets <= 4.0.7.3 - Missing Authorization to Authenticated (Subscriber+) Event Attendees ExportEPSS 0.3%CVE-2026-24603MEDIUMWordPress Universal Google Adsense and Ads manager plugin <= 1.1.8 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2023-46628MEDIUMWordPress WP Word Count plugin <= 3.2.4 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-5018HIGHHive Support <= 1.2.5 - Authenticated (Subscriber+) Missing Authorization via hs_update_ai_chat_settings and hive_lite_support_get_all_binboxEPSS 0.3%CVE-2025-24654HIGHWordPress Squirrly SEO plugin <= 12.4.07 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-35660HIGHOpenClaw < 2026.3.23 - Insufficient Access Control in Gateway Agent Session ResetEPSS 0.3%CVE-2026-11592MEDIUMEmail Subscribers & Newsletters <= 5.9.27 - Missing Authorization to Authenticated (Contributor+) Settings Modification via ig_es_handle_request AJAX ActionEPSS 0.3%CVE-2025-42983HIGHMissing Authorization check in SAP Business Warehouse and SAP Plug-In BasisEPSS 0.3%CVE-2023-7288MEDIUMPaytium: Mollie payment forms & donations <= 4.3.7 - Missing Authorization in 'update_profile_preference'EPSS 0.3%CVE-2025-63018MEDIUMWordPress Bard theme <= 2.229 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-54470MEDIUMA logic issue was addressed with improved checks. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1. An attackerEPSS 0.3%CVE-2026-25714MEDIUMGitea user organization API bypasses public-only token filteringEPSS 0.3%CVE-2025-54741MEDIUMWordPress Super Blank Plugin <= 1.2.0 - Arbitrary Content Deletion VulnerabilityEPSS 0.3%CVE-2025-15347HIGHCreator LMS – The LMS for Creators, Coaches, and Trainers <= 1.1.12 - Missing Authorization to Authenticated (Contributor+) Arbitrary Options UpdateEPSS 0.3%CVE-2025-43805MEDIUMLiferay Portal 7.3.0 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, and 7.3 GA throughEPSS 0.3%CVE-2023-47807MEDIUMWordPress 10WebAnalytics plugin <= 1.2.12 - Broken Access Control vulnerabilityEPSS 0.3%