Falhas do tipo CWE-862
7.076 resultadosCVE-2025-69023MEDIUMWordPress Discussion Board plugin <= 2.5.7 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-25459MEDIUMWordPress Sober theme <= 3.5.12 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-9246MEDIUMImproper access control in the entry documentation and attachment features in Devolutions Server allows an authenticated user with vault reaEPSS 0.2%CVE-2022-2985HIGHIn music service, there is a missing permission check. This could lead to elevation of privilege in contacts service with no additional execEPSS 0.2%CVE-2025-69346MEDIUMWordPress AffiliateX plugin <= 1.3.9.3 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-62293MEDIUMBroken Access Control in SOPlanningEPSS 0.2%CVE-2025-69091MEDIUMWordPress Demo Importer Plus plugin <= 2.0.8 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-25016MEDIUMWordPress Nelio Popups plugin <= 1.3.5 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-0998MEDIUMMattermost Zoom Plugin allows unauthorized meeting creation and post modification via insufficient API access controlsEPSS 0.2%CVE-2025-69348MEDIUMWordPress The Events Calendar Countdown Addon plugin <= 1.4.15 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-6689MEDIUM*Missing* {{invite_user}} *permission check on team creation allows unprivileged users to set open-invite and allowed-domains team settings*EPSS 0.2%CVE-2026-3637MEDIUMMattermost fails to enforce create_post permission when editing postsEPSS 0.2%CVE-2026-24358MEDIUMWordPress Quiz And Survey Master plugin <= 10.3.3 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-57648MEDIUMWordPress Nelio Content plugin <= 4.3.4 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-45147MEDIUMSiYuan: Broken access control in SiYuan `/api/tag/getTag` — Reader role can mutate `Conf.Tag.Sort` and persist to diskEPSS 0.2%CVE-2022-20556LOWIn launchConfigNewNetworkFragment of NetworkProviderSettings.java, there is a possible way for the guest user to add a new WiFi network due EPSS 0.2%CVE-2026-26207MEDIUMDIscourse's discourse-policy plugin lacks post access checkEPSS 0.2%CVE-2026-11773MEDIUMMasteriyo LMS <= 2.2.1 - Missing Authorization to Authenticated (Student+) Arbitrary Course Announcement ModificationEPSS 0.1%CVE-2023-1705HIGHMissing Authorization vulnerability in Forcepoint F|One SmartEdge Agent on Windows (bgAutoinstaller service modules) allows Privilege EscalaEPSS 0.1%CVE-2025-62144MEDIUMWordPress Core Web Vitals & PageSpeed Booster plugin <= 1.0.28 - Broken Access Control vulnerabilityEPSS 0.1%