CWE-639 type flaws
1528 results

CVE-2024-50693 | CRITICAL | SunGrow iSolarCloud before the October 31, 2024 remediation is vulnerable to insecure direct object references (IDOR) via the userService AP | EPSS 0.5%
CVE-2023-6506 | MEDIUM | WP 2FA <= 2.5.0 - Insecure Direct Object Reference to Arbitrary Email Sending | EPSS 0.5%
CVE-2024-10778 | MEDIUM | BuddyPress Builder for Elementor – BuddyBuilder <= 1.7.4 - Authenticated (Contributor+) Post Disclosure | EPSS 0.5%
CVE-2024-1107 | CRITICAL | IDOR in Talya Informatics' Travel APPS | EPSS 0.5%
CVE-2024-9687 | HIGH | WP 2FA with Telegram <= 3.0 - Authenticated (Subscriber+) Authentication Bypass | EPSS 0.5%
CVE-2026-33946 | HIGH | MCP Ruby SDK: Insufficient Session Binding Allows SSE Stream Hijacking via Session ID Replay | EPSS 0.5%
CVE-2026-1201 | CRITICAL | Authorization Bypass Through User-Controlled Key in Hubitat Elevation Hubs | EPSS 0.5%
CVE-2024-32683 | MEDIUM | WordPress WP Ultimate Review plugin <= 2.2.5 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.5%
CVE-2023-51503 | MEDIUM | WordPress WooCommerce Payments Plugin <= 6.6.2 is vulnerable to Insecure Direct Object References (IDOR) | EPSS 0.5%
CVE-2026-8196 | MEDIUM | JeecgBoot mLogin Endpoint LoginController.java authorization | EPSS 0.5%
CVE-2026-42609 | HIGH | Grav: Administrative Account Disruption and Privilege De-escalation via User Overwrite Logic | EPSS 0.5%
CVE-2023-38201 | MEDIUM | Keylime: challenge-response protocol bypass during agent registration | EPSS 0.5%
CVE-2024-4274 | MEDIUM | Essential Real Estate <= 4.4.2 - Insecure Direct Object Reference to Arbitrary Attachment Deletion | EPSS 0.5%
CVE-2026-44083 | HIGH | QuMagie | EPSS 0.5%
CVE-2023-0689 | MEDIUM | Metform Elementor Contact Form Builder <= 3.3.1 - Authenticated (Subscriber+) Information Disclosure via 'mf_first_name' shortcode | EPSS 0.5%
CVE-2023-25160 | MEDIUM | IDOR Vulnerability in Nextcloud Mail | EPSS 0.5%
CVE-2022-3413 | MEDIUM | Incorrect authorization during display of Audit Events in GitLab EE affecting all versions from 14.5 prior to 15.3.5, 15.4 prior to 15.4.4, | EPSS 0.5%
CVE-2026-41084 | HIGH | Apache Airflow: API authorization bypass: bulk TaskInstances allows cross-DAG mutation | EPSS 0.5%
CVE-2024-10796 | MEDIUM | If-So Dynamic Content Personalization <= 1.9.2.1 - Authenticated (Contributor+) Post Disclosure | EPSS 0.5%
CVE-2020-37008 | HIGH | EasyPMS 1.0.0 - Authentication Bypass | EPSS 0.5%