Falhas do tipo CWE-862
7.075 resultadosCVE-2024-31118MEDIUMWordPress SP Project & Document Manager plugin <= 4.70 - Broken Access Control to XSS vulnerabilityEPSS 0.2%CVE-2025-14370MEDIUMQuote Comments <= 3.0.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings UpdateEPSS 0.2%CVE-2025-15476MEDIUMThe Bucketlister <= 0.1.5 - Missing Authorization to Authenticated (Subscriber+) Bucket List ModificationEPSS 0.2%CVE-2026-28195MEDIUMIn JetBrains TeamCity before 2025.11.3 missing authorization allowed project developers to add parameters to build configurationsEPSS 0.2%CVE-2023-45240MEDIUMSensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) beEPSS 0.2%CVE-2026-44592CRITICALGradient: Unauthenticated worker on /proto → arbitrary NAR write / cache poisoningEPSS 0.2%CVE-2026-27331MEDIUMWordPress WpTravelly plugin <= 2.1.5 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-66084MEDIUMWordPress FluentCommunity plugin <= 2.0.0 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-66106MEDIUMWordPress Featured Post Creative plugin <= 1.5.5 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-66087MEDIUMWordPress PropertyHive plugin <= 2.1.12 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2022-20511MEDIUMIn getNearbyAppStreamingPolicy of DevicePolicyManagerService.java, there is a missing permission check. This could lead to local informationEPSS 0.2%CVE-2025-41231HIGHVMware Cloud Foundation Missing Authorisation VulnerabilityEPSS 0.2%CVE-2025-14573LOWTeam Admin Bypass of Invite Permissions via allow_open_invite FieldEPSS 0.2%CVE-2023-44214MEDIUMSensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) beEPSS 0.2%CVE-2026-27091MEDIUMWordPress UiPress lite plugin <= 3.5.09 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-39698MEDIUMWordPress The Publisher Desk ads.txt plugin <= 1.5.0 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-39694MEDIUMWordPress Simply Schedule Appointments plugin <= 1.6.10.2 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2022-20522HIGHIn getSlice of ProviderModelSlice.java, there is a missing permission check. This could lead to local escalation of privilege from the guestEPSS 0.2%CVE-2024-8272HIGHmacOS Universal Audio (UAConnect) <= 2.7.0 - Local Privilege EscalationEPSS 0.2%CVE-2026-39700MEDIUMWordPress WowOptin plugin <= 1.4.32 - Broken Access Control vulnerabilityEPSS 0.2%