CWE-639 vulnerabilities

1558 results
CVE-2026-33297 | MEDIUM | AVideo has an IDOR - Any Admin Can Set Another User's Channel Password via setPassword.json.php | EPSS 0.3%
CVE-2025-52447 | HIGH | Authorization Bypass Through User-Controlled Key vulnerability in Salesforce Tableau Server on Windows, Linux (set-initial-sql tabdoc comman | EPSS 0.3%
CVE-2026-4868 | HIGH | Authorization Bypass Through User-Controlled Key in GitLab | EPSS 0.3%
CVE-2026-38807 | HIGH | Insecure Permissions vulnerability in kvf-admin v1.0.0 allows a remote attacker to escalate privileges via the UserController.java component | EPSS 0.3%
CVE-2025-14459 | HIGH | Virt-cdi-controller: unauthorized pvc cloning via dataimportcron | EPSS 0.3%
CVE-2023-47022 | MEDIUM | Insecure Direct Object Reference in NCR Terminal Handler v.1.5.1 allows an unprivileged user to edit the audit logs for any user and can lea | EPSS 0.3%
CVE-2026-33052 | MEDIUM | MantisBT: Authorization Bypass in Global Profile Creation | EPSS 0.3%
CVE-2025-1667 | HIGH | School Management System – WPSchoolPress <= 2.2.16 - Missing Authorization to Privilege Escalation via Account Takeover | EPSS 0.3%
CVE-2025-65672 | HIGH | Insecure Direct Object Reference (IDOR) in classroomio 0.1.13 allows unauthorized share and invite access to course settings. | EPSS 0.3%
CVE-2024-55471 | MEDIUM | Oqtane Framework is vulnerable to Insecure Direct Object Reference (IDOR) in Oqtane.Controllers.UserController. This allows unauthorized use | EPSS 0.3%
CVE-2026-4503 | HIGH | Unauthenticated Insecure Direct Object Reference (IDOR) Vulnerability in Langflow Desktop Image Download Endpoint | EPSS 0.3%
CVE-2025-53208 | HIGH | WordPress Maya Business <= 1.2.0 - Insecure Direct Object References (IDOR) Vulnerability | EPSS 0.3%
CVE-2024-43350 | MEDIUM | WordPress Propovoice CRM plugin <= 1.7.6.4 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.3%
CVE-2026-9152 | CRITICAL | Unauthenticated SOAP Endpoint in Altium 365 SearchService Allows Cross-Tenant Data Exfiltration and Index Destruction | EPSS 0.3%
CVE-2026-0909 | MEDIUM | WP ULike <= 4.8.3.1 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Log Deletion via 'id' Parameter | EPSS 0.3%
CVE-2023-50267 | MEDIUM | MeterSphere horizontal privilege escalation vulnerability of resources in project scope. | EPSS 0.3%
CVE-2024-8040 | HIGH | Authorization Bypass Through User-Controlled Key vulnerability affecting 3DSwym in 3DSwymer on Release 3DEXPERIENCE R2024x | EPSS 0.3%
CVE-2026-8629 | HIGH | Crabbox < v0.12.0 Privilege Escalation via Agent Ticket Endpoints | EPSS 0.3%
CVE-2025-4855 | CRITICAL | Support Board <= 3.8.0 - Unauthenticated Authorization Bypass due to Use of Default Secret Key | EPSS 0.3%
CVE-2023-3285 | HIGH | A BOLA vulnerability in POST /appointments in EasyAppointments < 1.5.0 | EPSS 0.3%