CWE-639 vulnerabilities

1572 results
CVE-2026-8828 | HIGH | A lack of authorization validation in version 1.0.0 or later of the ChromaDB Rust project allows any authenticated users to arbitrarily read | EPSS 0.3%
CVE-2026-6444 | HIGH | A flaw exists in the FlashArray Purity management interface where an authenticated low-privileged user may, under specific conditions, acces | EPSS 0.3%
CVE-2026-42276 | MEDIUM | Onyx: IDOR in /chat/stop-chat-session allows any authenticated user to interrupt other users chat sessions | EPSS 0.3%
CVE-2025-40661 | MEDIUM | Insecure Direct Object Reference (IDOR) vulnerability in DM Corporative CMS | EPSS 0.3%
CVE-2025-4040 | HIGH | IDOR in Turpak's Automatic Station Monitoring System | EPSS 0.3%
CVE-2026-48868 | HIGH | WordPress Simple Shopping Cart plugin <= 5.2.9 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.3%
CVE-2025-3636 | MEDIUM | Moodle: idor in moodle rss block allows unauthorized access to rss feeds | EPSS 0.3%
CVE-2026-6552 | HIGH | Authorization Bypass Through User-Controlled Key in GitLab | EPSS 0.3%
CVE-2026-39518 | HIGH | WordPress EventPrime plugin <= 4.3.0.0 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.3%
CVE-2026-48872 | HIGH | WordPress EmbedPress plugin <= 4.5.2 - Sensitive Data Exposure vulnerability | EPSS 0.3%
CVE-2026-44718 | MEDIUM | Mathesar: Missing collaborator checks allowed access to saved explorations in other databases | EPSS 0.3%
CVE-2026-54839 | HIGH | WordPress Trinity Backup – Backup, Migrate, Restore, Clone & Schedule Backups plugin <= 2.0.9 - Sensitive Data Exposure vulnerability | EPSS 0.3%
CVE-2026-45666 | MEDIUM | Open WebUI: Indirect Object Reference (IDOR) in user notes | EPSS 0.3%
CVE-2026-20904 | MEDIUM | Gitea: Broken access control in OpenID visibility toggle enables cross-user visibility changes | EPSS 0.3%
CVE-2025-6574 | HIGH | Service Finder Bookings < 6.1 - Authenticated (Subscriber+) Privilege Escalation via Account Takeover | EPSS 0.3%
CVE-2025-26660 | MEDIUM | Broken Access Control in SAP Fiori apps (Posting Library) | EPSS 0.3%
CVE-2025-64516 | HIGH | GLPI incorrectly authorizes access to documents | EPSS 0.3%
CVE-2026-33730 | MEDIUM | Open Source Point of Sale has an IDOR in Password Change (Home) | EPSS 0.3%
CVE-2026-4549 | LOW | mickasmt next-saas-stripe-starter Stripe API open-customer-portal.ts openCustomerPortal authorization | EPSS 0.3%
CVE-2026-53726 | MEDIUM | Parse Server: Relation `$relatedTo` query bypasses `protectedFields` and owning-object ACL | EPSS 0.3%