Vulnerabilities of type CWE-639

1576 results
CVE-2025-65670 | MEDIUM | An Insecure Direct Object Reference (IDOR) in classroomio 0.1.13 allows students to access sensitive admin/teacher endpoints by manipulating | EPSS 0.2%
CVE-2025-12427 | MEDIUM | YITH WooCommerce Wishlist <= 4.10.0 - Unauthenticated Insecure Direct Object Reference to Unauthenticated Wishlist Rename | EPSS 0.2%
CVE-2026-6001 | HIGH | IDOR in Abis Technology's BAPSİS | EPSS 0.2%
CVE-2025-15370 | MEDIUM | Shield Security <= 21.0.9 - Authenticated (Subscriber+) Insecure Direct Object Reference to Disable Google Authenticator | EPSS 0.2%
CVE-2025-12008 | HIGH | IDOR in APPYAP's Yaay Social Media App | EPSS 0.2%
CVE-2025-31949 | MEDIUM | Growatt Cloud portal Authorization Bypass Through User-Controlled Key | EPSS 0.2%
CVE-2026-56048 | MEDIUM | WordPress Payment Gateway Based Fees and Discounts for WooCommerce plugin <= 3.0.0 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.2%
CVE-2025-31654 | MEDIUM | Growatt Cloud portal Authorization Bypass Through User-Controlled Key | EPSS 0.2%
CVE-2026-54010 | HIGH | Open WebUI: Forged chat-file link allows cross-user file read and deletion | EPSS 0.2%
CVE-2026-26004 | MEDIUM | Sentry allows unauthorized access to event data across organizational boundaries | EPSS 0.2%
CVE-2025-64497 | MEDIUM | Tuleap exposes releases for all projects to File Release System project administrators | EPSS 0.2%
CVE-2026-3020 | HIGH | Identity based authorization bypass vulnerability (IDOR) in the Wakyma application web | EPSS 0.2%
CVE-2025-66513 | MEDIUM | Nextcloud Tables app share information not limited to relevant users | EPSS 0.2%
CVE-2025-40676 | MEDIUM | Multiple vulnerabilities in BBMRI-ERIC's Negotiator | EPSS 0.2%
CVE-2026-44341 | MEDIUM | GoJobs: Insecure Direct Object Reference (IDOR) in Job Retrieval Endpoint | EPSS 0.2%
CVE-2025-69274 | LOW | Spectrum broken authorization scheme | EPSS 0.2%
CVE-2026-47378 | MEDIUM | NocoDB: Hidden Column Exposure in Public Shared View Endpoints | EPSS 0.2%
CVE-2026-33702 | HIGH | Chamilo LMS has an Insecure Direct Object Reference (IDOR) | EPSS 0.2%
CVE-2025-66547 | MEDIUM | Nextcloud Server users can modify tags on files that do not belong to them | EPSS 0.2%
CVE-2025-27565 | MEDIUM | Growatt Cloud portal Authorization Bypass Through User-Controlled Key | EPSS 0.2%