Vulnerabilities of type CWE-639

1574 results
CVE-2025-0987 | CRITICAL | IDOR in CB Project's CVLand | EPSS 0.3%
CVE-2025-15147 | MEDIUM | WCFM Membership – WooCommerce Memberships for Multivendor Marketplace <= 2.11.8 - Insecure Direct Object Reference to Update Membership Payment | EPSS 0.3%
CVE-2026-4208 | HIGH | Authentication Bypass in extension "E-Mail MFA Provider" (mfa_email) | EPSS 0.3%
CVE-2025-14033 | MEDIUM | ilGhera Support System for WooCommerce <= 1.3.0 - Missing Authorization to Unauthenticated Sensitive Information Exposure | EPSS 0.3%
CVE-2025-13457 | HIGH | WooCommerce Square <= 5.1.1 - Unauthenticated Insecure Direct Object Reference to Sensitive Information Exposure in get_token_by_id | EPSS 0.3%
CVE-2025-43810 | MEDIUM | Insecure Direct Object Reference (IDOR) vulnerability with commerce order notes in Liferay Portal 7.3.5 through 7.4.3.112, and Liferay DXP 2 | EPSS 0.3%
CVE-2025-25276 | MEDIUM | Growatt Cloud portal Authorization Bypass Through User-Controlled Key | EPSS 0.3%
CVE-2025-26857 | MEDIUM | Growatt Cloud portal Authorization Bypass Through User-Controlled Key | EPSS 0.3%
CVE-2026-7502 | MEDIUM | LinkStackOrg LinkStack Management Endpoint UserController.php saveLink authorization | EPSS 0.3%
CVE-2024-13407 | MEDIUM | Omnipress <= 1.5.4 - Authenticated (Contributor+) Post Disclosure | EPSS 0.3%
CVE-2025-49135 | MEDIUM | CVAT missing validation for in-progress backup upload names | EPSS 0.3%
CVE-2026-7573 | MEDIUM | GetUserRoles API endpoint allows any authenticated user to enumerate ACL policies across all organizations | EPSS 0.3%
CVE-2026-33313 | MEDIUM | Vikunja has an IDOR in Task Comments Allows Reading Arbitrary Comments | EPSS 0.3%
CVE-2025-13004 | MEDIUM | IDOR in Farktor Software's E-Commerce Package | EPSS 0.3%
CVE-2022-2312 | | Student Result or Employee Database < 1.7.5 - Stored Cross Site Scripting via CSRF | EPSS 0.3%
CVE-2026-42861 | HIGH | Flowise: Mass Assignment in Variable Update Endpoint Allows Cross-Workspace Resource Reassignment | EPSS 0.3%
CVE-2026-54357 | MEDIUM | MISP improper authorization allows organization administrators to modify site administrator user settings | EPSS 0.3%
CVE-2026-32120 | MEDIUM | OpenEMR has IDOR in Fee Sheet Product Save | EPSS 0.3%
CVE-2026-32104 | MEDIUM | StudioCMS: IDOR in User Notification Preferences Allows Any Authenticated User to Modify Any User's Settings | EPSS 0.3%
CVE-2026-1558 | MEDIUM | WP Recipe Maker <= 10.3.2 - Insecure Direct Object Reference to Unauthenticated Arbitrary Post Metadata Modification via 'recipeId' Parameter | EPSS 0.3%