CWE-639 vulnerabilities
1549 results

CVE-2024-12103 | MEDIUM | Content No Cache: prevent specific content from being cached <= 0.1.2 - Unauthenticated Private Content Disclosure | EPSS 0.4%
CVE-2024-8261 | HIGH | IDOR in Proliz Software's OBS | EPSS 0.4%
CVE-2026-33735 | HIGH | MyTube has an Improper Access Control that Allows Complete Application Takeover | EPSS 0.4%
CVE-2024-1744 | CRITICAL | IDOR in Ariva Computer's Accord ORS | EPSS 0.4%
CVE-2024-3305 | HIGH | IDOR in Utarit Information's SoliClub | EPSS 0.4%
CVE-2024-29181 | LOW | @strapi/plugin-content-manager leaks data via relations via the Admin Panel | EPSS 0.4%
CVE-2024-38827 | MEDIUM | Spring Security Authorization Bypass for Case Sensitive Comparisons | EPSS 0.4%
CVE-2022-39018 | HIGH | Broken access controls on PDFtron data in M-Files Hubshare | EPSS 0.4%
CVE-2024-25270 | MEDIUM | An issue in Mirapolis LMS 4.6.XX allows authenticated users to exploit an Insecure Direct Object Reference (IDOR) vulnerability by manipulat | EPSS 0.4%
CVE-2026-4958 | LOW | OpenBMB XAgent WebSocket Endpoint replayer.py ReplayServer.send_data authorization | EPSS 0.4%
CVE-2026-22589 | HIGH | Spree API has Unauthenticated IDOR - Guest Address | EPSS 0.4%
CVE-2024-56143 | HIGH | Strapi Allows Unauthorized Access to Private Fields via parms.lookup | EPSS 0.4%
CVE-2025-26977 | LOW | WordPress FileBird plugin <= 6.4.2.1 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.4%
CVE-2023-37242 | — | Vulnerability of commands from the modem being intercepted in the atcmdserver module. Attackers may exploit this vulnerability to rewrite th | EPSS 0.4%
CVE-2025-3281 | MEDIUM | User Registration & Membership – Custom Registration Form, Login Form, and User Profile <= 4.2.1 - Insecure Direct Object Reference to Unauthenticated Limited User Deletion | EPSS 0.4%
CVE-2024-47657 | HIGH | Improper Access Control Vulnerability | EPSS 0.4%
CVE-2026-30969 | HIGH | Coral Server has insufficient agent authentication in session communication channels | EPSS 0.4%
CVE-2023-47543 | MEDIUM | An authorization bypass through user-controlled key vulnerability [CWE-639] in Fortinet FortiPortal version 7.0.0 through 7.0.3 allows an au | EPSS 0.4%
CVE-2026-40981 | HIGH | When using Google Secrets Manager as a backend for the Spring Cloud Config server a client can craft a request to the config server potentia | EPSS 0.4%
CVE-2025-34293 | HIGH | GN4 Publishing System Insecure Direct Object Reference (IDOR) Information Disclosure | EPSS 0.4%