CWE-639 vulnerabilities

1574 results
CVE-2024-49388 (LOW, EPSS 0.3%): Sensitive information manipulation due to improper authorization. The following products are affected: Acronis Cyber Protect 16 (Linux, Wind
CVE-2026-27839 (MEDIUM, EPSS 0.3%): wger: IDOR in nutritional_values endpoints exposes private dietary data via direct ORM lookup
CVE-2026-27943 (MEDIUM, EPSS 0.3%): OpenEMR's Eye Exam View Trusts form_id Without Verifying Patient/Encounter Ownership
CVE-2026-25220 (MEDIUM, EPSS 0.3%): OpenEMR Messages "Show All" Not Restricted to Admins
CVE-2026-10623 (MEDIUM, EPSS 0.3%): PressPrimer Quiz <= 2.3.0 - Insecure Direct Object Reference to Authenticated (Custom+) Arbitrary Modification via 'quiz_id', 'item_id', and 'rule_id' Parameters
CVE-2026-25930 (MEDIUM, EPSS 0.3%): OpenEMR's Printable LBF Endpoint Leaks Arbitrary Patient Forms
CVE-2026-25929 (MEDIUM, EPSS 0.3%): OpenEMR Patient Picture Context Allows Arbitrary Patient Photo Retrieval
CVE-2025-0606 (MEDIUM, EPSS 0.3%): IDOR in Logo Software's Logo Cloud
CVE-2026-9493 (HIGH, EPSS 0.3%): BankPro E-Service Technology|Service Center - Insecure Direct Object Reference
CVE-2026-7491 (HIGH, EPSS 0.3%): Zyosoft|School App - Insecure Direct Object Reference
CVE-2026-56784 (HIGH, EPSS 0.3%): OpenRemote < 1.25.0 IDOR via Bulk Alarm Deletion Endpoint
CVE-2025-62244 (MEDIUM, EPSS 0.3%): Insecure direct object reference (IDOR) vulnerability in Publications in Liferay Portal 7.3.1 through 7.4.3.111, and Liferay DXP 2023.Q4.0 t
CVE-2026-57341 (MEDIUM, EPSS 0.3%): WordPress Colissimo Officiel : Méthodes de livraison pour WooCommerce plugin <= 2.9.0 - Insecure Direct Object References (IDOR) vulnerability
CVE-2025-3292 (MEDIUM, EPSS 0.3%): User Registration & Membership – Custom Registration Form, Login Form, and User Profile <= 4.1.3 - Insecure Direct Object Reference to Authenticated (Subscriber+) User Password Update
CVE-2026-52782 (CRITICAL, EPSS 0.3%): OpenProject: IDOR through /projects/<A>/settings/project_storages/<A_ps_id> via PATCH parameter "storages_project_storage[project_folder_id]" leads to Access to Unauthorized Resources
CVE-2025-66306 (MEDIUM, EPSS 0.3%): Grav vulnerable to Information Disclosure via IDOR in Grav Admin Panel
CVE-2025-43803 (MEDIUM, EPSS 0.3%): Insecure direct object reference (IDOR) vulnerability in the Contacts Center widget in Liferay Portal 7.4.0 through 7.4.3.119, and older uns
CVE-2026-27835 (MEDIUM, EPSS 0.3%): wger: IDOR in RepetitionsConfig and MaxRepetitionsConfig API leak other users' workout data
CVE-2025-10719 (MEDIUM, EPSS 0.3%): WisdomGarden|Tronclass - Insecure Direct Object Reference
CVE-2025-13474 (HIGH, EPSS 0.3%): IDOR in Menulux Software's Mobile App