Vulnerabilities of type CWE-639

1552 results
CVE-2024-43322 | MEDIUM | WordPress Zephyr Project Manager plugin <= 3.3.100 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.4%
CVE-2026-2729 | MEDIUM | Forminator – Contact Form, Payment Form & Custom Form Builder <= 1.52.0 - Missing Authorization to Unauthenticated Stripe PaymentIntent Reuse / Underpayment Bypass via 'paymentid' Parameter | EPSS 0.4%
CVE-2024-52294 | MEDIUM | khoj has an IDOR in subscription management that allows unauthorized subscription modifications | EPSS 0.4%
CVE-2026-42889 | CRITICAL | Relay Server WebSocket authentication bypass when token is omitted | EPSS 0.4%
CVE-2026-1664 | MEDIUM | Insecure Direct Object Reference (IDOR) via Header-Based Email Routing | EPSS 0.4%
CVE-2025-22695 | MEDIUM | WordPress Nirweb support plugin <= 3.0.3 - Broken Access Control vulnerability | EPSS 0.4%
CVE-2025-10947 | MEDIUM | Sistemas Pleno Gestão de Locação CPF validarCpf authorization | EPSS 0.4%
CVE-2026-24136 | HIGH | Saleor has an Insecure Direct Object Reference (IDOR) in GraphQL API | EPSS 0.4%
CVE-2025-11924 | HIGH | Ninja Forms – The Contact Form Builder That Grows With You <= 3.13.2 - Insecure Direct Object Reference to Unauthenticated Sensitive Information Exposure via Unscoped Bearer Token | EPSS 0.4%
CVE-2023-36520 | MEDIUM | WordPress Editorial Calendar Plugin <= 3.7.12 is vulnerable to Insecure Direct Object References (IDOR) | EPSS 0.4%
CVE-2025-69347 | HIGH | WordPress WPSubscription plugin <= 1.8.10 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.4%
CVE-2024-43266 | MEDIUM | WordPress WP Job Portal plugin <= 2.1.8 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.4%
CVE-2024-12132 | MEDIUM | WP Job Portal – A Complete Recruitment System for Company or Job Board website <= 2.2.4 - Authenticated (Subscriber+) Insecure Direct Object Reference | EPSS 0.4%
CVE-2024-5619 | CRITICAL | IDOR in PruvaSoft Informatics' Apinizer Management Console | EPSS 0.4%
CVE-2026-56422 | CRITICAL | MISP Core: Mass Assignment and Object Re-ownership via Unvalidated Request Fields | EPSS 0.4%
CVE-2025-69207 | MEDIUM | Khoj has an IDOR in Notion OAuth Flow Enables Index Poisoning | EPSS 0.4%
CVE-2026-56424 | HIGH | Broken access control in MISP core allows cross-organization unauthorized modification or deletion of analyst data, event reports, collections, templates, and decaying models | EPSS 0.4%
CVE-2024-34520 | HIGH | An authorization bypass vulnerability exists in the Mavenir SCE Application Provisioning Portal, version PORTAL-LBS-R_1_0_24_0, which allows | EPSS 0.4%
CVE-2025-0337 | HIGH | Authorization bypass in Now Platform | EPSS 0.4%
CVE-2025-8789 | MEDIUM | Portabilis i-Educar API Endpoint Diario authorization | EPSS 0.4%