Vulnerabilities of type CWE-639

1576 results
CVE-2026-49386 (MEDIUM, EPSS 0.2%): In JetBrains YouTrack before 2026.1.13570 improper access control allowed enumeration of restricted issues and articles on Planning Canvas
CVE-2025-68979 (MEDIUM, EPSS 0.2%): WordPress Google Calendar Events plugin <= 3.5.9 - Insecure Direct Object References (IDOR) vulnerability
CVE-2024-12306 (MEDIUM, EPSS 0.2%): Access Control Vulnerabilities Allow Unauthorized Access to User Profiles in Unifiedtransform
CVE-2025-64283 (MEDIUM, EPSS 0.2%): WordPress RTMKit plugin <= 1.6.7 - Insecure Direct Object References (IDOR) vulnerability
CVE-2024-12305 (MEDIUM, EPSS 0.2%): Object-Level Access Control Vulnerability Allows Unauthorized Access to Student Grades in Unifiedtransform
CVE-2025-66132 (MEDIUM, EPSS 0.2%): WordPress FAPI Member plugin <= 2.2.30 - Insecure Direct Object References (IDOR) vulnerability
CVE-2026-44424 (MEDIUM, EPSS 0.2%): ShellHub: Cross-tenant IDOR in `GET /api/devices/:uid` discloses device data of any namespace
CVE-2026-50141 (HIGH, EPSS 0.2%): Woodpecker gRPC agent_id metadata can be spoofed- cross-tenant agent impersonation
CVE-2026-42736 (HIGH, EPSS 0.2%): WordPress BP Better Messages plugin <= 2.14.16 - Insecure Direct Object References (IDOR) vulnerability
CVE-2026-25567 (MEDIUM, EPSS 0.2%): WeKan < 8.19 Card Comment Author Spoofing via User-controlled authorId
CVE-2026-44423 (MEDIUM, EPSS 0.2%): ShellHub: Cross-tenant IDOR in `GET /api/sessions/:uid` discloses SSH session data
CVE-2026-1219 (MEDIUM, EPSS 0.2%): MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar 4.0 - 5.10 - Unauthenticated Insecure Direct Object Reference to Sensitive Information Exposure
CVE-2026-27838 (LOW, EPSS 0.2%): wger: IDOR via user-unscoped cache keys on routine API actions exposes workout data
CVE-2025-5195 (MEDIUM, EPSS 0.2%): Authorization Bypass Through User-Controlled Key in GitLab
CVE-2026-10597 (MEDIUM, EPSS 0.2%): ITPison|OMICARD EDM - Insecure Direct Object Reference
CVE-2025-69727 (MEDIUM, EPSS 0.2%): An Incorrect Access Control vulnerability exists in INDEX-EDUCATION PRONOTE prior to 2025.2.8. The affected components (index.js and compose
CVE-2026-32589 (HIGH, EPSS 0.2%): Mirror-registry: quay: insecure direct object reference in blobupload
CVE-2021-37577 (MEDIUM, EPSS 0.2%): Bluetooth LE and BR/EDR Secure Connections pairing and Secure Simple Pairing using the Passkey entry protocol in Bluetooth Core Specificatio
CVE-2026-3173 (MEDIUM, EPSS 0.2%): Meta Field Block <= 1.5.1 - Insecure Direct Object Reference to Authenticated (Contributor+) Arbitrary User Meta Exposure
CVE-2025-62252 (MEDIUM, EPSS 0.2%): Insecure Direct Object Reference (IDOR) vulnerability in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay