Vulnerabilities of type CWE-639
1569 results

CVE-2026-9306 | MEDIUM | QuantumNous new-api Midjourney Image Relay Endpoint relay-router.go GetByOnlyMJId authorization | EPSS 0.3%
CVE-2026-4563 | MEDIUM | MacCMS Member Order Detail User.php order_info authorization | EPSS 0.3%
CVE-2026-2414 | MEDIUM | Authorization bypass through User-Controlled key vulnerability in HYPR Server allows Privilege Escalation. This issue affects Server: from 9. | EPSS 0.3%
CVE-2025-32223 | MEDIUM | WordPress Tutor LMS plugin <= 3.9.4 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.3%
CVE-2023-50342 | HIGH | Insecure Direct Object Reference (IDOR) affects DRYiCE MyXalytics | EPSS 0.3%
CVE-2025-3889 | MEDIUM | WordPress Simple PayPal Shopping Cart <= 5.1.3 - Insecure Direct Object Reference via 'quantity' | EPSS 0.3%
CVE-2026-31820 | HIGH | Sylius affected by IDOR in Cart and Checkout LiveComponents | EPSS 0.3%
CVE-2024-39901 | MEDIUM | OpenSearch Observability does not properly restrict access to private tenant resources | EPSS 0.3%
CVE-2025-65034 | HIGH | Rallly Improper Authorization Allows Reopening of Any Finalized Poll via Public pollId | EPSS 0.3%
CVE-2025-12030 | MEDIUM | ACF to REST API <= 3.3.4 - Insecure Direct Object Reference to Authenticated (Contributor+) ACF Field/Option Modification | EPSS 0.3%
CVE-2024-10775 | MEDIUM | Piotnet Addons For Elementor <= 2.4.32 - Authenticated (Contributor+) Post Disclosure | EPSS 0.3%
CVE-2024-10690 | MEDIUM | Shortcodes for Elementor <= 1.0.4 - Authenticated (Contributor+) Post Disclosure | EPSS 0.3%
CVE-2025-65033 | HIGH | Rallly Broken Authorization: Any User Can Pause or Resume Any Poll via Poll ID Manipulation | EPSS 0.3%
CVE-2025-65029 | HIGH | Rallly Has an IDOR Vulnerability in Participant Deletion Endpoint Allows Unauthorized Removal of Poll Participants | EPSS 0.3%
CVE-2025-34435 | HIGH | AVideo < 20.1 IDOR Arbitrary File Deletion | EPSS 0.3%
CVE-2026-33724 | MEDIUM | n8n's Source Control SSH Configuration Uses StrictHostKeyChecking=no | EPSS 0.3%
CVE-2026-7886 | LOW | Concrete CMS 9.5.0 and below is vulnerable to IDOR in AddMessage/UpdateMessage via attachments[] parameter | EPSS 0.3%
CVE-2026-54826 | HIGH | WordPress SupportCandy plugin <= 3.4.6 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.3%
CVE-2026-32097 | HIGH | PingPong has improper access control in thread file endpoints allows access outside intended scope | EPSS 0.3%
CVE-2026-40768 | HIGH | WordPress Salon booking system plugin <= 10.30.24 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.3%