Vulnerabilities of type CWE-639
1528 results

CVE | Severity | Title | EPSS
CVE-2024-10654 | MEDIUM | TOTOLINK LR350 formLoginAuth.htm authorization | EPSS 1.5%
CVE-2026-8679 | HIGH | AudioIgniter Music Player <= 2.0.2 - Unauthenticated Insecure Direct Object Reference to 'audioigniter_playlist_id' Parameter | EPSS 1.5%
CVE-2021-24374 | — | Jetpack < 9.8 - Carousel Module Non-Published Page/Post Attachment Comment Leak | EPSS 1.5%
CVE-2022-2535 | — | SearchWP Live Ajax Search < 1.6.2 - Unauthenticated Arbitrary Post Title Disclosure | EPSS 1.5%
CVE-2021-36387 | MEDIUM | In Yellowfin before 9.6.1 there is a Stored Cross-Site Scripting vulnerability in the video embed functionality exploitable through a specia | EPSS 1.4%
CVE-2021-21324 | MEDIUM | Insecure Direct Object Reference (IDOR) on "Solutions" | EPSS 1.4%
CVE-2024-7476 | MEDIUM | Broken Access Control in lunary-ai/lunary | EPSS 1.4%
CVE-2020-13998 | HIGH | Citrix XenApp 6.5, when 2FA is enabled, allows a remote unauthenticated attacker to ascertain whether a user exists on the server, because t | EPSS 1.4%
CVE-2017-0922 | — | Gitlab Enterprise Edition version 10.3 is vulnerable to an authorization bypass issue in the GitLab Projects::BoardsController component res | EPSS 1.4%
CVE-2020-8297 | — | Nextcloud Deck before 1.0.2 suffers from an insecure direct object reference (IDOR) vulnerability that permits users with a duplicate user i | EPSS 1.3%
CVE-2024-50395 | MEDIUM | Media Streaming add-on | EPSS 1.3%
CVE-2023-3048 | CRITICAL | IDOR in TMT's Lockcell | EPSS 1.3%
CVE-2021-39225 | HIGH | Missing permission check on Deck API | EPSS 1.3%
CVE-2022-1580 | — | Site Offline < 1.5.3 - Access Bypass | EPSS 1.3%
CVE-2021-43957 | HIGH | Affected versions of Atlassian Fisheye & Crucible allowed remote attackers to browse local files via an Insecure Direct Object References (I | EPSS 1.2%
CVE-2021-37631 | MEDIUM | Circle can be accessed by non-Circle members in Nextcloud Deck | EPSS 1.2%
CVE-2023-34000 | HIGH | WordPress WooCommerce Stripe Payment Gateway Plugin <= 7.4.0 is vulnerable to Insecure Direct Object References (IDOR) | EPSS 1.2%
CVE-2023-0865 | — | WooCommerce Multiple Customer Addresses & Shipping < 21.7 - Arbitrary Address Creation/Deletion/Access/Update via IDOR | EPSS 1.2%
CVE-2021-41305 | HIGH | Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view the names of private projects and filter | EPSS 1.2%
CVE-2021-37630 | MEDIUM | Secret Circle can be joined without approval in Nextcloud Circles | EPSS 1.2%