Vulnerabilities of type CWE-639

1565 results
CVE-2025-65098 | HIGH | Typebot Vulnerable to Credential Theft via Client-Side Script Execution and API Authorization Bypass | EPSS 0.3%
CVE-2026-54105 | MEDIUM | U.S. GAO EPDS and CBCA EDS user information disclosure | EPSS 0.3%
CVE-2024-10770 | MEDIUM | Envo Extra <= 1.9.3 - Authenticated (Contributor+) Post Disclosure | EPSS 0.3%
CVE-2025-13110 | MEDIUM | HUSKY – Products Filter Professional for WooCommerce <= 1.3.7.3 - Authenticated (Subscriber+) Insecure Direct Object Reference via 'woof_add_subscr' | EPSS 0.3%
CVE-2024-12062 | MEDIUM | Charity Addon for Elementor <= 1.3.3 - Authenticated (Contributor+) Post Disclosure | EPSS 0.3%
CVE-2026-28469 | HIGH | OpenClaw < 2026.2.14 - Cross-Account Policy Context Misrouting via Shared Webhook Path Ambiguity | EPSS 0.3%
CVE-2025-7718 | HIGH | Resideo Plugin for Resideo - Real Estate WordPress Theme <= 2.5.4 - Authenticated (Subscriber+) Insecure Direct Object Reference to Privilege Escalation via Account Takeover | EPSS 0.3%
CVE-2024-10693 | MEDIUM | SKT Addons for Elementor <= 3.3 - Authenticated (Contributor+) Post Disclosure | EPSS 0.3%
CVE-2026-56069 | HIGH | WordPress Toolset Forms plugin <= 2.6.24 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.3%
CVE-2026-6583 | MEDIUM | TransformerOptimus SuperAGI API Key Management Endpoint api_key.py edit_api_key authorization | EPSS 0.3%
CVE-2026-6584 | MEDIUM | TransformerOptimus SuperAGI User Update Endpoint user.py update_user authorization | EPSS 0.3%
CVE-2024-10695 | MEDIUM | Futurio Extra <= 2.0.13 - Authenticated (Contributor+) Post Disclosure | EPSS 0.3%
CVE-2025-15018 | CRITICAL | Optional Email <= 1.3.11 - Unauthenticated Privilege Escalation to Account Takeover | EPSS 0.3%
CVE-2024-10669 | MEDIUM | Countdown Timer block – Display the event's date into a timer. <= 1.2.4 - Authenticated (Contributor+) Post Disclosure | EPSS 0.3%
CVE-2024-12102 | MEDIUM | Typer Core <= 1.9.6 - Authenticated (Contributor+) Post Disclosure | EPSS 0.3%
CVE-2024-12472 | MEDIUM | Post Duplicator <= 2.36 - Authenticated (Contributor+) Protected Post Disclosure | EPSS 0.3%
CVE-2025-15025 | HIGH | IDOR in Yordam Informatics' Library Automation System | EPSS 0.3%
CVE-2024-39897 | MEDIUM | Cache driver GetBlob() allows read access to any blob without access control check | EPSS 0.3%
CVE-2025-11957 | CRITICAL | Improper authorization in the temporary access workflow of Devolutions Server 2025.2.12.0 and earlier allows an authenticated basic user to | EPSS 0.3%
CVE-2024-4154 | HIGH | Incorrect Synchronization in lunary-ai/lunary | EPSS 0.3%