CWE-639 vulnerabilities
1528 results

CVE | Severity | Description | EPSS
CVE-2023-49251 | HIGH | A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.7). The "intermediate installation" system state of the affected a | 0.5%
CVE-2023-28656 | HIGH | NGINX Management Suite vulnerability | 0.5%
CVE-2023-46311 | LOW | WordPress wpDiscuz Plugin <= 7.6.3 is vulnerable to Insecure Direct Object References (IDOR) | 0.5%
CVE-2025-4796 | HIGH | Eventin <= 4.0.34 - Authenticated (Contributor+) Privilege Escalation via User Email Change/Account Takeover | 0.5%
CVE-2021-36906 | LOW | WordPress Quiz And Survey Master plugin <= 7.3.6 - Multiple Insecure direct object references (IDOR) vulnerabilities | 0.5%
CVE-2024-11137 | HIGH | IDOR Vulnerability in PATCH `/v1/runs/:id/score` Endpoint in lunary-ai/lunary | 0.5%
CVE-2017-20223 | CRITICAL | Telesquare SKT LTE Router SDT-CS3B1 Insecure Direct Object Reference | 0.5%
CVE-2023-22471 | LOW | Nextcloud Deck vulnerable to authorization bypass | 0.5%
CVE-2023-1463 | MEDIUM | Authorization Bypass Through User-Controlled Key in nilsteampassnet/teampass | 0.5%
CVE-2025-24315 | MEDIUM | Growatt Cloud portal Authorization Bypass Through User-Controlled Key | 0.5%
CVE-2024-43438 | HIGH | Moodle: idor in feedback non-respondents report allows messaging arbitrary site users | 0.5%
CVE-2024-10855 | HIGH | Image Optimizer, Resizer and CDN – Sirv <= 7.3.0 - Missing Authorization to Authenticated (Contributor+) Arbitrary Option Deletion | 0.5%
CVE-2023-49112 | MEDIUM | Insecure Direct Object Reference in Kiuwan SAST | 0.5%
CVE-2024-11167 | CRITICAL | Improper Access Control in danny-avila/librechat | 0.5%
CVE-2026-34444 | HIGH | Lupa has a Sandbox escape and RCE due to incomplete attribute_filter enforcement in getattr / setattr | 0.5%
CVE-2025-3610 | HIGH | Reales WP STPT <= 2.1.2 - Authenticated (Subscriber+) Privilege Escalation via Password Update | 0.5%
CVE-2024-34383 | MEDIUM | WordPress SEOPress plugin <= 7.7.1 - Sensitive Data Exposure vulnerability | 0.5%
CVE-2024-5128 | CRITICAL | IDOR Vulnerability in lunary-ai/lunary | 0.5%
CVE-2022-36284 | MEDIUM | WordPress Affiliate For WooCommerce premium plugin <= 4.7.0 - Authenticated IDOR vulnerability leading to PayPal email change | 0.5%
CVE-2024-10671 | MEDIUM | Button Block – Get fully customizable & multi-functional buttons <= 1.1.4 - Authenticated (Contributor+) Post Disclosure | 0.5%