Falhas do tipo CWE-862
7.016 resultadosCVE-2026-53643HIGHFOSSBilling allows low-privileged staff accounts to perform unauthorized actions via admin API endpointsEPSS 0.2%CVE-2025-26656MEDIUMMissing Authorization check in S/4HANA (Manage Purchasing Info Records)EPSS 0.2%CVE-2025-9219MEDIUMPost SMTP <= 3.4.1 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Option UpdateEPSS 0.2%CVE-2025-15475MEDIUMPayHere Payment Gateway Plugin for WooCommerce <= 2.3.9 - Missing Authorization to Unauthenticated Order Status ModificationEPSS 0.2%CVE-2025-23656MEDIUMWordPress Donate visa plugin <= 1.0.0 - Stored Cross Site Scripting (XSS) vulnerabilityEPSS 0.2%CVE-2025-23188MEDIUMMissing Authorization check in SAP S/4HANA (RBD)EPSS 0.2%CVE-2025-62013MEDIUMWordPress UiChemy plugin <= 4.0.0 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-24633MEDIUMWordPress Add Expires Headers & Optimized Minify plugin <= 3.2.0 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-62915MEDIUMWordPress SMS Contact Form 7 Notifications by ClickSend plugin <= 1.4.0 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-24613MEDIUMWordPress Ecwid Shopping Cart plugin <= 7.0.6 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-8692MEDIUMVedrixa Forms <= 1.1.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Form Structure Modification via wefb_save_form_structure AJAX ActionEPSS 0.2%CVE-2026-45212MEDIUMWordPress Asset CleanUp: Page Speed Booster plugin <= 1.4.0.3 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-13790MEDIUMScada-LTS cross-site request forgeryEPSS 0.2%CVE-2026-35631HIGHOpenClaw < 2026.3.22 - Missing Authorization Enforcement in Internal ACP Chat CommandsEPSS 0.2%CVE-2025-62122MEDIUMWordPress Trash Duplicate and 301 Redirect plugin <= 1.9.1 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-32586MEDIUMWordPress Booster for WooCommerce plugin < 7.11.3 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-62928MEDIUMWordPress SEO Meta Description Updater plugin <= 1.2.0 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2023-5165HIGHDocker Desktop before 4.23.0 allows Enhanced Container Isolation bypass via debug shellEPSS 0.2%CVE-2025-58816LOWWordPress Product Carousel Slider for Elementor Plugin <= 2.1.3 - Broken Access Control VulnerabilityEPSS 0.2%CVE-2026-32340MEDIUMWordPress Business One Page theme <= 1.3.2 - Broken Access Control vulnerabilityEPSS 0.2%