Falhas do tipo CWE-862

6.804 resultados
CVE-2023-35937MEDIUMMetersphere missing permission checkEPSS 0.6%CVE-2025-68043HIGHWordPress LottieFiles plugin <= 3.0.0 - Broken Access Control vulnerabilityEPSS 0.6%CVE-2023-0718MEDIUMWicked Folders <= 2.18.16 - Missing Authorization on ajax_save_folderEPSS 0.6%CVE-2022-41246MEDIUMA missing permission check in Jenkins Worksoft Execution Manager Plugin 10.0.3.503 and earlier allows attackers with Overall/Read permissionEPSS 0.6%CVE-2024-43662MEDIUMAuthenticated arbitrary file upload to /tmp/ and /tmp/upload/EPSS 0.6%CVE-2025-24245CRITICALThis issue was addressed by adding a delay between verification code attempts. This issue is fixed in macOS Sequoia 15.4. A malicious app maEPSS 0.6%CVE-2024-1371MEDIUMLeadConnector <= 1.7 - Missing Authorization to Unauthenticated Arbitrary Post DeletionEPSS 0.6%CVE-2024-1181MEDIUMComing Soon, Under Construction & Maintenance Mode By Dazzler <= 2.1.2 - Maintenance Mode BypassEPSS 0.6%CVE-2023-26562MEDIUMIn Zimbra Collaboration (ZCS) 8.8.15 and 9.0, a closed account (with 2FA and generated passwords) can send e-mail messages when configured fEPSS 0.6%CVE-2022-2369YaySMTP < 2.2.1 - Subscriber+ Logs DisclosureEPSS 0.6%CVE-2024-0447MEDIUMArtiBot Free Chat Bot for WordPress WebSites <= 1.1.6 - Missing Authorization to Settings UpdateEPSS 0.6%CVE-2024-2702HIGHWordPress Olive One Click Demo Import plugin <= 1.1.1 - Broken Access Control vulnerabilityEPSS 0.6%CVE-2024-54289MEDIUMWordPress Awesome Support plugin <= 6.3.1 - Broken Access Control vulnerabilityEPSS 0.6%CVE-2024-3601MEDIUMPoll Maker – Best WordPress Poll Plugin <= 5.1.8 - Missing Authorization to Unauthenticated Email EnumerationEPSS 0.6%CVE-2024-1587MEDIUMNewsmatic <= 1.3.4 - Unauthenticated Information Exposure via newsmatic_filter_posts_load_tab_contentEPSS 0.6%CVE-2025-10706HIGHClassified Pro <= 1.0.14 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin InstallationEPSS 0.6%CVE-2024-31358HIGHWordPress 5 Stars Rating Funnel plugin <= 1.2.67 - Arbitrary Content Deletion vulnerabilityEPSS 0.6%CVE-2025-5304CRITICALPT Project Notebooks 1.0.0 - 1.1.3 - Missing Authorization to Unauthenticated Privilege Escalation via wpnb_pto_new_users_add FunctionEPSS 0.6%CVE-2025-2025MEDIUMGive <= 3.22.0 - Missing Authorization to Unauthenticated Arbitrary Earning Reports Disclosure via give_reports_earnings FunctionEPSS 0.6%CVE-2024-25912CRITICALWordPress MoveTo plugin <= 6.2 - Unauthenticated Arbitrary WordPress Settings Change vulnerabilityEPSS 0.6%