CWE-639 vulnerabilities

1575 results
CVE-2026-1558 | MEDIUM | WP Recipe Maker <= 10.3.2 - Insecure Direct Object Reference to Unauthenticated Arbitrary Post Metadata Modification via 'recipeId' Parameter | EPSS 0.3%
CVE-2026-32104 | MEDIUM | StudioCMS: IDOR in User Notification Preferences Allows Any Authenticated User to Modify Any User's Settings | EPSS 0.3%
CVE-2026-30927 | MEDIUM | Admidio: Event participation IDOR - non-leaders can register other users for events via user_uuid parameter | EPSS 0.3%
CVE-2025-64431 | HIGH | IDOR Vulnerabilities in ZITADEL's Organization API allows Cross-Tenant Data Tempering | EPSS 0.3%
CVE-2025-10039 | MEDIUM | ELEX WordPress HelpDesk & Customer Ticketing System <= 3.2.9 - Authenticated (Subscriber+) Insecure Direct Object Reference via 'eh_crm_ticket_single_view_client' | EPSS 0.3%
CVE-2026-45810 | MEDIUM | Nextcloud: Propfind requests for file comments allowed to load comments for other files | EPSS 0.3%
CVE-2025-27433 | MEDIUM | Broken Access Control vulnerabilities in SAP S/4HANA (Manage Bank Statements) | EPSS 0.3%
CVE-2025-67985 | MEDIUM | WordPress Document Library Lite plugin <= 1.1.7 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.3%
CVE-2026-41372 | MEDIUM | OpenClaw < 2026.4.2 - Loopback Protection Bypass via Trailing-Dot Localhost in CDP Discovery | EPSS 0.3%
CVE-2024-13887 | MEDIUM | Business Directory Plugin - Easy Listing Directories for WordPress <= 6.4.14 - Insecure Direct Object Reference to Listing Arbitrary Image Addition | EPSS 0.3%
CVE-2026-24900 | MEDIUM | MarkUs has a submission-view IDOR exposes all student submissions | EPSS 0.3%
CVE-2025-13479 | HIGH | IDOR in PosCube's QR Menu | EPSS 0.3%
CVE-2025-30257 | MEDIUM | Growatt Cloud portal Authorization Bypass Through User-Controlled Key | EPSS 0.3%
CVE-2025-31950 | MEDIUM | Growatt Cloud portal Authorization Bypass Through User-Controlled Key | EPSS 0.3%
CVE-2025-65030 | HIGH | Rallly Improper Authorization in Comment Deletion Endpoint Allows Unauthorized Comment Removal | EPSS 0.3%
CVE-2025-31147 | MEDIUM | Growatt Cloud portal Authorization Bypass Through User-Controlled Key | EPSS 0.3%
CVE-2025-31357 | MEDIUM | Growatt Cloud portal Authorization Bypass Through User-Controlled Key | EPSS 0.3%
CVE-2025-27927 | MEDIUM | Growatt Cloud portal Authorization Bypass Through User-Controlled Key | EPSS 0.3%
CVE-2025-31941 | MEDIUM | Growatt Cloud portal Authorization Bypass Through User-Controlled Key | EPSS 0.3%
CVE-2026-10023 | MEDIUM | Dokan: AI Powered WooCommerce Multivendor Marketplace Solution <= 5.0.3 - Insecure Direct Object Reference to Authenticated (Custom+) Arbitrary Order Modification via Multiple AJAX Handlers | EPSS 0.3%