Falhas do tipo CWE-862

7.075 resultados
CVE-2026-12988MEDIUMWP 2FA < 3.1.1.2 - Account Takeover via 2FA Setup Email BindingEPSS 0.2%CVE-2025-13149MEDIUMSchedule Post Changes With PublishPress Future: Unpublish, Delete, Change Status, Trash, Change Categories <= 4.9.1 - Authenticated (Author+) Missing Authorization to Post/Page Status ModificationEPSS 0.2%CVE-2023-41750LOWSensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) beEPSS 0.2%CVE-2025-12023MEDIUMELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.1 - Missing Authorization to Authenticated (Subscriber+) Ticket RestoreEPSS 0.2%CVE-2026-44770MEDIUMMissing Authorization check in SAP S/4 HANA (Create Single Payment)EPSS 0.2%CVE-2026-57954MEDIUMElide 7.1.17 - Permission Bypass in Sort Expression ValidationEPSS 0.2%CVE-2026-0486MEDIUMMissing Authorization Check in ABAP based SAP systemsEPSS 0.2%CVE-2026-27672MEDIUMMissing Authorization check in Material Master ApplicationEPSS 0.2%CVE-2026-39607MEDIUMWordPress Filter Plus plugin <= 1.1.17 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-12085MEDIUMELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.1 - Missing Authorization to Authenticated (Subscriber+) Trash EmptyEPSS 0.2%CVE-2025-12751MEDIUMWSChat – WordPress Live Chat <= 3.1.6 - Missing Authorization to Authenticated (Subscriber+) Settings ResetEPSS 0.2%CVE-2026-32423MEDIUMWordPress Admin and Site Enhancements (ASE) plugin <= 8.4.0 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-23681MEDIUMMissing Authorization check in a function module in SAP Support Tools Plug-InEPSS 0.2%CVE-2026-26979NONEDiscourse: TL4 users are able to change status of restricted topicsEPSS 0.2%CVE-2025-12169MEDIUMELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.0 - Missing Authorization to Authenitcated (Subscriber+) to Scheduled Trigger DeletionEPSS 0.2%CVE-2025-12022MEDIUMELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.1 - Missing Authorization to Authenticated (Subscriber+) Trash RestoreEPSS 0.2%CVE-2022-20504MEDIUMIn multiple locations of DreamManagerService.java, there is a missing permission check. This could lead to local escalation of privilege andEPSS 0.2%CVE-2026-57925MEDIUMIn JetBrains YouTrack before 2026.2.16593 improper access control allowed reading saved queries and tagsEPSS 0.2%CVE-2026-57297MEDIUMA missing permission check in Jenkins Contrast Continuous Application Security Plugin 3.11 and earlier allows attackers with Overall/Read peEPSS 0.2%CVE-2026-57299MEDIUMMissing permission checks in Jenkins Contrast Continuous Application Security Plugin 3.11 and earlier allow attackers with Overall/Read permEPSS 0.2%