Flaws of type CWE-639

1579 results
CVE-2025-36023 | MEDIUM | IBM Cloud Pak for Business Automation security bypass | EPSS 0.2%
CVE-2025-27561 | MEDIUM | Growatt Cloud portal Authorization Bypass Through User-Controlled Key | EPSS 0.2%
CVE-2026-33702 | HIGH | Chamilo LMS has an Insecure Direct Object Reference (IDOR) | EPSS 0.2%
CVE-2025-27565 | MEDIUM | Growatt Cloud portal Authorization Bypass Through User-Controlled Key | EPSS 0.2%
CVE-2026-50194 | HIGH | Steeltoe vulnerable to management-port isolation bypass via spoofed Host header | EPSS 0.2%
CVE-2025-0642 | MEDIUM | Hard-coded Credentials in PosCube's Assist | EPSS 0.2%
CVE-2025-64011 | MEDIUM | Nextcloud Server 30.0.0 is vulnerable to an Insecure Direct Object Reference (IDOR) in the /core/preview endpoint. Any authenticated user ca | EPSS 0.2%
CVE-2025-8463 | MEDIUM | IDOR in SecHard Information Technologies' SecHard | EPSS 0.2%
CVE-2025-58055 | MEDIUM | Discourse AI Suggestions Contain Insecure Direct Object Reference | EPSS 0.2%
CVE-2026-52812 | HIGH | Gogs: LFS dedupe path leaks private repo content across tenants | EPSS 0.2%
CVE-2026-40589 | HIGH | FreeScout has Customer Edit Cross-Mailbox Email Takeover | EPSS 0.2%
CVE-2026-55611 | NONE | AnythingLLM: embed-parsed-file cleanup deletes any parsed file by ID without ownership scoping (cross-tenant IDOR deletion) | EPSS 0.2%
CVE-2025-68502 | MEDIUM | WordPress JetPopup plugin <= 2.0.20.1 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.2%
CVE-2026-33934 | MEDIUM | OpenEMR's Missing Authorization in show-signature.php Allows Portal Patients to Read Staff Signatures | EPSS 0.2%
CVE-2025-59034 | MEDIUM | Indico may disclose unauthorized user details access via legacy API | EPSS 0.2%
CVE-2026-7145 | MEDIUM | mettle sendportal Invitation WorkspaceInvitationsController.php destroy authorization | EPSS 0.2%
CVE-2026-39384 | HIGH | FreeScout Customer Merge Cross-Mailbox Authorization Bypass | EPSS 0.2%
CVE-2025-3519 | HIGH | Replace uploaded files knowing the file upload ID | EPSS 0.2%
CVE-2026-25530 | MEDIUM | Kanboard is missing authorization check in getSwimlane API allows cross-project data access | EPSS 0.2%
CVE-2026-56013 | MEDIUM | WordPress License Manager for WooCommerce plugin <= 3.0.15 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.2%