CWE-639 vulnerabilities
1528 results

CVE-2026-46414 | HIGH | Microsoft UFO WebSocket role spoofing allows authenticated peer task hijacking | EPSS 0.5%
CVE-2024-0872 | MEDIUM | Watu Quiz <= 3.4.1 - Sensitive Information Disclosure | EPSS 0.5%
CVE-2024-9215 | HIGH | Co-Authors, Multiple Authors and Guest Authors in an Author Box with PublishPress Authors <= 4.7.1 - Insecure Direct Object Reference to Authenticated (Author+) Arbitrary User Email Update and Account Takeover | EPSS 0.5%
CVE-2024-11284 | CRITICAL | WP JobHunt <= 7.1 - Unauthenticated Privilege Escalation via Password Reset/Account Takeover | EPSS 0.5%
CVE-2024-10452 | LOW | Organization admins can delete pending invites created in an organization they are not part of. | EPSS 0.5%
CVE-2024-46937 | CRITICAL | An improper access control (IDOR) vulnerability in the /api-selfportal/get-info-token-properties endpoint in MFASOFT Secure Authentication S | EPSS 0.5%
CVE-2023-36483 | MEDIUM | MAS (a Carrier brand) MASmobile Classic Authorization Bypass | EPSS 0.5%
CVE-2024-0580 | MEDIUM | Omission of key-controlled authorization in Qsige | EPSS 0.5%
CVE-2025-10742 | CRITICAL | Truelysell Core <= 1.8.6 - Unauthenticated Arbitrary User Password Change | EPSS 0.5%
CVE-2024-1604 | MEDIUM | Incorrect authorization in BMC Control-M | EPSS 0.5%
CVE-2024-10794 | MEDIUM | Boostify Header Footer Builder for Elementor <= 1.3.6 - Authenticated (Contributor+) Post Disclosure | EPSS 0.5%
CVE-2024-51066 | HIGH | An Insecure Direct Object Reference (IDOR) vulnerability in appointment-detail.php in Phpgurukul's Beauty Parlour Management System v1.1 all | EPSS 0.5%
CVE-2026-8890 | HIGH | code100x Mobile API Authentication Bypass via Header Spoofing | EPSS 0.5%
CVE-2024-50651 | MEDIUM | java_shop 1.0 is vulnerable to Incorrect Access Control, which allows attackers to obtain sensitive information of users with different IDs | EPSS 0.5%
CVE-2024-9637 | HIGH | School Management System – WPSchoolPress <= 2.2.10 - Insecure Direct Object Reference to Authenticated (Teacher+) Account Takeover/Privilege Escalation | EPSS 0.5%
CVE-2024-5131 | HIGH | Improper Access Control in lunary-ai/lunary | EPSS 0.5%
CVE-2025-31833 | MEDIUM | WordPress JobBoard Job listing plugin Plugin <= 1.2.8 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.5%
CVE-2025-8755 | MEDIUM | macrozheng mall com.macro.mall.portal.controller UmsMemberController.java detail authorization | EPSS 0.5%
CVE-2026-27591 | CRITICAL | Winter: Privilege escalation by authenticated backend users | EPSS 0.5%
CVE-2022-40205 | MEDIUM | WordPress wpForo Forum plugin <= 2.0.5 - Insecure direct object references (IDOR) vulnerability | EPSS 0.5%