Flaws of type CWE-639
1528 results

CVE-2020-37094 | HIGH | EspoCRM 5.8.5 - Privilege Escalation | EPSS 0.5%
CVE-2024-24312 | HIGH | SQL injection vulnerability in Vaales Technologies V_QRS v.2024-01-17 allows a remote attacker to obtain sensitive information via the Model | EPSS 0.5%
CVE-2023-32799 | MEDIUM | WordPress WooCommerce Ship to Multiple Addresses Plugin <= 3.8.3 is vulnerable to Insecure Direct Object References (IDOR) | EPSS 0.5%
CVE-2022-3282 | MEDIUM | Drag and Drop Multiple File Upload < 1.3.6.5 - File Upload Size Limit Bypass | EPSS 0.5%
CVE-2026-4330 | MEDIUM | Blog2Social: Social Media Auto Post & Scheduler <= 8.8.3 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Post Schedule Modification via 'b2s_id' Parameter | EPSS 0.5%
CVE-2025-14998 | CRITICAL | Branda – White Label & Branding, Free Login Page Customizer <= 3.4.24 - Unauthenticated Privilege Escalation via Account Takeover | EPSS 0.5%
CVE-2023-37871 | HIGH | WordPress WooCommerce GoCardless Gateway Plugin <= 2.5.6 is vulnerable to Insecure Direct Object References (IDOR) | EPSS 0.5%
CVE-2023-36238 | MEDIUM | Insecure Direct Object Reference (IDOR) in Bagisto v.1.5.1 allows an attacker to obtain sensitive information via the invoice ID parameter. | EPSS 0.5%
CVE-2024-4538 | HIGH | IDOR vulnerability in Janto Ticketing Software | EPSS 0.5%
CVE-2023-46646 | MEDIUM | Improper access control in all versions of GitHub Enterprise Server allows unauthorized users to view private repository names via the "Get | EPSS 0.5%
CVE-2024-10497 | HIGH | CWE-639: Authorization Bypass Through User-Controlled Key vulnerability exists that could allow an authorized attacker to modify values outs | EPSS 0.5%
CVE-2026-3454 | MEDIUM | GenerateBlocks <= 2.2.0 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Exposure via Dynamic Tag Replacements | EPSS 0.5%
CVE-2024-4464 | HIGH | Authorization bypass through user-controlled key vulnerability in streaming service in Synology Media Server before 1.4-2680, 2.0.5-3152 and | EPSS 0.5%
CVE-2024-53617 | MEDIUM | A Cross Site Scripting vulnerability in LibrePhotos before commit 32237 allows attackers to takeover any account via uploading an HTML file | EPSS 0.5%
CVE-2021-41111 | MEDIUM | Authorization Bypass Through User-Controlled Key in Rundeck | EPSS 0.5%
CVE-2023-49812 | MEDIUM | WordPress WP Photo Album Plus Plugin <= 8.5.02.005 is vulnerable to Insecure Direct Object References (IDOR) | EPSS 0.5%
CVE-2023-6226 | MEDIUM | WP Shortcodes Plugin — Shortcodes Ultimate <= 5.13.3 - Insecure Direct Object Reference to Information Disclosure | EPSS 0.5%
CVE-2023-44254 | MEDIUM | An authorization bypass through user-controlled key [CWE-639] vulnerability in FortiAnalyzer version 7.4.1 and before 7.2.5 and FortiManager | EPSS 0.5%
CVE-2022-2828 | MEDIUM | In affected versions of Octopus Server it is possible to reveal information about teams via the API due to an Insecure Direct Object Referen | EPSS 0.5%
CVE-2024-28320 | HIGH | Insecure Direct Object References (IDOR) vulnerability in Hospital Management System 1.0 allows attackers to manipulate user parameters for | EPSS 0.5%