Falhas do tipo CWE-862

6.961 resultados
CVE-2025-7078MEDIUM07FLYCMS/07FLY-CMS/07FlyCRM cross-site request forgeryEPSS 0.2%CVE-2026-34245MEDIUMAVideo's Missing Authorization in Playlist Schedule Creation Allows Cross-User Broadcast HijackingEPSS 0.2%CVE-2025-49986MEDIUMWordPress Video List Manager plugin <= 1.7 - Broken Access Control VulnerabilityEPSS 0.2%CVE-2026-57327MEDIUMWordPress MainWP plugin <= 6.1.1 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2024-33909MEDIUMWordPress iPages Flipbook plugin <= 1.5.1 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-11758MEDIUMAll in One Time Clock Lite – Tracking Employee Time Has Never Been Easier <= 2.0.3 - Missing Authorization to Page Creation and Information ExposureEPSS 0.2%CVE-2026-33413HIGHetcd: Authorization bypasses in multiple APIsEPSS 0.2%CVE-2026-32648MEDIUMAnviz Products Missing AuthorizationEPSS 0.2%CVE-2025-66525MEDIUMWordPress Elastic Email Sender plugin <= 1.2.20 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-41016HIGHMultiple vulnerabilities in DFUSION by DavantisEPSS 0.2%CVE-2025-4522MEDIUMIDonate 2.0.0 - 2.1.9 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Deletion via admin_post_donor_delete FunctionEPSS 0.2%CVE-2025-52757MEDIUMWordPress SUMO Memberships for WooCommerce plugin < 7.8.0 - Arbitrary Content Deletion vulnerabilityEPSS 0.2%CVE-2025-13317MEDIUMAppointment Booking Calendar <= 1.3.96 - Missing Authorization to Arbitrary Booking Confirmation via 'cpabc_ipncheck' ParameterEPSS 0.2%CVE-2025-62867MEDIUMWordPress Ergonet Cache plugin <= 1.0.13 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-58711MEDIUMWordPress Blog Designer PRO plugin <= 3.4.8 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-66527MEDIUMWordPress Lobo theme <= 2.8.6 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-41017MEDIUMMultiple vulnerabilities in DFUSION by DavantisEPSS 0.2%CVE-2025-8992MEDIUMmtons mblog cross-site request forgeryEPSS 0.2%CVE-2026-50284HIGHCraft CMS: Missing peer-permission check in `AssetsController::actionDeleteFolder` allows deletion of other users' assetsEPSS 0.2%CVE-2026-44392MEDIUMMissing authorization vulnerability exists in Movable Type. Under certain conditions, when a user without administrator privileges signs in EPSS 0.2%