Falhas do tipo CWE-862

7.050 resultados
CVE-2026-25460MEDIUMWordPress Ave Core plugin <= 2.9.1 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-9549MEDIUMFacets - Moderately critical - Information Disclosure - SA-CONTRIB-2025-099EPSS 0.2%CVE-2026-28071MEDIUMWordPress pixfort Core plugin <= 3.2.22 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-68577MEDIUMWordPress Virusdie plugin <= 1.1.6 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-54027MEDIUMLibreChat: Image Upload Route Bypasses Agent Permission Check — Incomplete Fix for File Upload AuthorizationEPSS 0.2%CVE-2025-64520MEDIUMGLPI vulnerable to unauthorized access to restricted Knowledge Base items through the APIEPSS 0.2%CVE-2025-59591MEDIUMWordPress wpDiscuz Plugin <= 7.6.33 - Broken Access Control VulnerabilityEPSS 0.2%CVE-2025-15565MEDIUMNexi XPay <= 8.3.0 - Missing Authorization to Unauthenticated Order Status ModificationEPSS 0.2%CVE-2025-13391MEDIUMProduct Options and Price Calculation Formulas for WooCommerce – Uni CPO (Premium) <= 4.9.60 - Missing Authorization to Unauthenticated Arbitrary Attachment and Dropbox File DeletionEPSS 0.2%CVE-2025-64269MEDIUMWordPress WooCommerce PDF Invoice Builder plugin <= 1.2.150 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-42913LOWMissing Authorization check in SAP HCM (My Timesheet Fiori 2.0 application)EPSS 0.2%CVE-2026-32486MEDIUMWordPress Travel Booking theme <= 1.3.9 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-40722MEDIUMWordPress Yoast SEO Premium plugin <= 26.6 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-15466MEDIUMImage Photo Gallery Final Tiles Grid <= 3.6.9 - Missing Authorization to Authenticated (Contributor+) Arbitrary Gallery ManagementEPSS 0.2%CVE-2026-42640MEDIUMWordPress Classified Listing plugin <= 5.3.8 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-43638MEDIUMBitwarden Server < 2026.4.1 Missing Authorization via Organization Cipher ImportEPSS 0.2%CVE-2025-15043MEDIUMThe Events Calendar <= 6.15.13 - Missing Authorization to Authenticated (Subscriber+) Data Migration ControlEPSS 0.2%CVE-2025-68521MEDIUMWordPress WpStream plugin <= 4.9.5 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-42914LOWMissing Authorization check in SAP HCM (My Timesheet Fiori 2.0 application)EPSS 0.2%CVE-2025-22178MEDIUMJira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of senEPSS 0.2%