CWE-639 vulnerabilities

1528 results

CVE-2024-10215 | CRITICAL | WPBookit <= 1.6.4 - Unauthenticated Arbitrary User Password Change | EPSS 0.6%
CVE-2022-1600 | — | YOP Poll < 6.4.3 - IP Spoofing | EPSS 0.6%
CVE-2026-31874 | CRITICAL | Taskosaur Improper Role Assignment via Parameter Manipulation in User Registration | EPSS 0.6%
CVE-2024-10174 | HIGH | WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts <= 2.6.13 - Insecure Direct Object Reference to Unauthenticated Authorization Bypass | EPSS 0.6%
CVE-2025-34140 | HIGH | ETQ Reliance CG/NXG API Authorization Bypass via ;localized-text URI Suffix | EPSS 0.6%
CVE-2025-3810 | CRITICAL | WPBookit <= 1.0.2 - Insecure Direct Object Reference to Unauthenticated Privilege Escalation via Account Takeover | EPSS 0.6%
CVE-2025-3811 | CRITICAL | WPBookit <= 1.0.2 - Insecure Direct Object Reference to Unauthenticated Privilege Escalation via Email Update | EPSS 0.6%
CVE-2021-24800 | — | DW Question & Answer Pro <= 1.3.4 - Arbitrary Comment Edition via IDOR | EPSS 0.6%
CVE-2026-5465 | HIGH | Amelia <= 2.1.3 - Insecure Direct Object Reference to Authenticated (Employee+) Privilege Escalation via 'externalId' Parameter | EPSS 0.6%
CVE-2026-1992 | HIGH | ExactMetrics 8.6.0 - 9.0.2 - Authenticated (Custom) Insecure Direct Object Reference to Arbitrary Plugin Installation | EPSS 0.6%
CVE-2022-34150 | HIGH | ICSA-22-200-01 MiCODUS MV720 GPS tracker Authorization Bypass Through User-Controlled Key | EPSS 0.6%
CVE-2026-38529 | HIGH | A Broken Object-Level Authorization (BOLA) in the /Settings/UserController.php endpoint of Webkul Krayin CRM v2.2.x allows authenticated att | EPSS 0.6%
CVE-2024-2472 | CRITICAL | LatePoint Plugin <= 4.9.9 - Missing Authorization and Sensitive Information Exposure via IDOR | EPSS 0.6%
CVE-2024-2543 | MEDIUM | Plugin Permalink <= 2.4.3.1 - Missing Authorization via get_uri_editor | EPSS 0.6%
CVE-2024-40395 | MEDIUM | An Insecure Direct Object Reference (IDOR) in PTC ThingWorx v9.5.0 allows attackers to view sensitive information, including PII, regardless | EPSS 0.6%
CVE-2026-5246 | MEDIUM | Cesanta Mongoose P-384 Public Key mongoose.c mg_tls_verify_cert_signature authorization | EPSS 0.6%
CVE-2024-0839 | MEDIUM | FeedWordPress <= 2022.0222 - Insecure Direct Object Reference | EPSS 0.6%
CVE-2022-2080 | — | Sensei LMS < 4.5.2 - Arbitrary Private Message Sending via IDOR | EPSS 0.6%
CVE-2018-17455 | HIGH | An issue was discovered in GitLab Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. Attackers could obtain s | EPSS 0.6%
CVE-2020-36895 | HIGH | EIBIZ i-Media Server Digital Signage 3.8.0 Unauthenticated Configuration Disclosure | EPSS 0.6%