Falhas do tipo CWE-862

7.074 resultados
CVE-2026-32391MEDIUMWordPress SmartFix theme < 1.2.4 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-32446MEDIUMWordPress Contact Form by WPForms plugin <= 1.9.9.3 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-13812MEDIUMGamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress <= 7.6.1 - Missing Authorization to Authenticated (Subscriber+) Information ExposureEPSS 0.2%CVE-2025-14817MEDIUMFactory Mode App Exists Privilege Escalation Issue Allowing Third-Party Apps to Open ADBEPSS 0.2%CVE-2025-66108MEDIUMWordPress TNC Toolbox: Web Performance plugin <= 2.0.4 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-1217MEDIUMYoast Duplicate Post <= 4.5 - Authenticated (Contributor+) Missing Authorization to Arbitrary Post Duplication and OverwriteEPSS 0.2%CVE-2025-64729HIGHAVEVA Process Optimization Missing AuthorizationEPSS 0.2%CVE-2026-42541MEDIUMKubewarden: RBAC Reconnaissance via unchecked can_i host capability callEPSS 0.2%CVE-2026-60119MEDIUMHi.Events < 1.11.0 XSS via Event Title JSON.stringify InjectionEPSS 0.2%CVE-2026-57952MEDIUMMythic < 3.4.0.60 - Unauthorized C2 Profile Configuration Access via Unverified Payload UUIDEPSS 0.2%CVE-2025-68581MEDIUMWordPress YITH Slider for page builders plugin <= 1.0.11 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-27393MEDIUMWordPress CF7 WOW Styler plugin <= 1.7.6 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-25019MEDIUMWordPress Atarim plugin <= 4.3.1 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-66105MEDIUMWordPress Bus Ticket Booking with Seat Reservation plugin < 5.6.8 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-43341HIGHA permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.8, macOS Tahoe 26. An app may be ableEPSS 0.2%CVE-2025-62091MEDIUMWordPress Serial Codes Generator and Validator with WooCommerce Support plugin <= 2.8.2 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-5139MEDIUMGitLab Plugin Allows Non-Admin Users to Modify Default Instance ConfigurationEPSS 0.2%CVE-2026-48783MEDIUMPostiz has an unauthenticated billing-enforcement bypass via /public/modify-subscriptionEPSS 0.2%CVE-2026-61968MEDIUMWordPress myCred plugin <= 3.1.2 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-33420MEDIUMVaultwarden missing authorization check allows Manager-role users to enumerate all collectionsEPSS 0.2%