Falhas do tipo CWE-862

7.039 resultados
CVE-2025-11991MEDIUMJetFormBuilder <= 3.5.3 - Missing Authorization to Unauthenticated Form GenerationEPSS 0.2%CVE-2025-39561MEDIUMWordPress LoginWP - Pro Plugin <= 4.0.8.5 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-30920HIGHOneUptime has broken access control in GitHub App installation flow that allows unauthorized project bindingEPSS 0.2%CVE-2026-57812MEDIUMWordPress Simply Schedule Appointments plugin <= 1.6.12.4 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-13643LOWMongoDB Server may allow queries to be terminated by unauthorized usersEPSS 0.2%CVE-2026-12471MEDIUMSpexo <= 2.0.11 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin ActivationEPSS 0.2%CVE-2026-57340MEDIUMWordPress Japanized For WooCommerce plugin <= 2.9.12 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-3072MEDIUMMedia Library Assistant <= 3.33 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Attachment Taxonomy ModificationEPSS 0.2%CVE-2026-45550CRITICALRoxy-WI: IDOR on PUT /smon/check — any user can rewrite any tenant's monitoring URL/IP/bodyEPSS 0.2%CVE-2026-9240MEDIUMColissimo Officiel : Méthodes de livraison pour WooCommerce <= 2.9.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Order Shipment Modification via lpc_order_affect AJAX actionEPSS 0.2%CVE-2026-11340HIGHAuthorization Bypass in HAVELSAN's Open Source Project Liman MYSEPSS 0.2%CVE-2025-2902HIGHImproper Authorization Vulnerability of Maintenance Utility in Hitachi Virtual Storage PlatformEPSS 0.2%CVE-2026-39713MEDIUMWordPress Mailercloud – Integrate webforms and synchronize website contacts plugin <= 1.0.7 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-45243MEDIUMSummarize < 0.15.1 Browser Extension Missing Authorization via Content ScriptEPSS 0.2%CVE-2026-54842HIGHWordPress Royal MCP plugin <= 1.4.25 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-10901MEDIUMOriginality.ai AI Checker <= 1.0.16 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Disclosure via 'ai_get_table'EPSS 0.2%CVE-2026-39707MEDIUMWordPress Accept PayPal Payments using Contact Form 7 plugin <= 4.0.4 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-64375MEDIUMWordPress WP Social Ninja plugin <= 3.20.1 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-0497MEDIUMMissing Authorization check in Business Server Pages Application (Product Designer Web UI)EPSS 0.2%CVE-2026-40730MEDIUMWordPress ThemeGrill Demo Importer plugin <= 2.0.0.6 - Broken Access Control vulnerabilityEPSS 0.2%