Flaws of type CWE-639

1579 results
CVE ID | Severity | Title | EPSS
CVE-2025-59034 | MEDIUM | Indico may disclose unauthorized user details access via legacy API | EPSS 0.2%
CVE-2025-63513 | MEDIUM | kishan0725 Hospital Management System v4 has an Insecure Direct Object Reference (IDOR) vulnerability in the appointment cancellation functi | EPSS 0.2%
CVE-2025-41093 | HIGH | Insecure Direct Object Reference in GPS BOLD Workplanner | EPSS 0.2%
CVE-2026-28782 | MEDIUM | Craft has a Permission Bypass and IDOR in Duplicate Entry Action | EPSS 0.2%
CVE-2025-41095 | HIGH | Insecure Direct Object Reference in GPS BOLD Workplanner | EPSS 0.2%
CVE-2026-24379 | MEDIUM | WordPress WP Job Portal plugin <= 2.4.3 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.2%
CVE-2025-41091 | HIGH | Insecure Direct Object Reference in GPS BOLD Workplanner | EPSS 0.2%
CVE-2025-41094 | HIGH | Insecure Direct Object Reference in GPS BOLD Workplanner | EPSS 0.2%
CVE-2025-43782 | MEDIUM | Insecure Direct Object Reference (IDOR) vulnerability in Liferay Portal 7.4.0 through 7.4.3.124, and Liferay DXP 2024.Q2.0 through 2024.Q2.7 | EPSS 0.2%
CVE-2025-41096 | HIGH | Insecure Direct Object Reference in GPS BOLD Workplanner | EPSS 0.2%
CVE-2025-41097 | HIGH | Insecure Direct Object Reference in GPS BOLD Workplanner | EPSS 0.2%
CVE-2025-41092 | HIGH | Insecure Direct Object Reference in GPS BOLD Workplanner | EPSS 0.2%
CVE-2026-5395 | HIGH | Fluent Forms <= 6.2.0 - Authenticated (Subscriber+) Authorization Bypass via 'table' Parameter | EPSS 0.2%
CVE-2025-25777 | HIGH | Insecure Direct Object Reference (IDOR) in Codeastro Bus Ticket Booking System v1.0 allows unauthorized access to user profiles. By manipula | EPSS 0.2%
CVE-2026-8611 | MEDIUM | Klamra Paycal for Aspaclaria <= 1.1.4 - Insecure Direct Object Reference to Authenticated (Subscriber+) Sensitive Information Exposure via 'invoice_id' Parameter | EPSS 0.2%
CVE-2025-3282 | MEDIUM | User Registration & Membership – Custom Registration Form, Login Form, and User Profile <= 4.1.3 - Insecure Direct Object Reference to Unauthenticated Membership Modification | EPSS 0.2%
CVE-2026-55255 | CRITICAL | Langflow: IDOR Vulnerability in `/api/v1/responses` Endpoint Allows Authenticated Attackers to Access Another User's Flow | EPSS 0.2%
CVE-2026-1883 | MEDIUM | Wicked Folders <= 4.1.0 - Insecure Direct Object Reference to Authenticated (Contributor+) Arbitrary Folder Deletion | EPSS 0.2%
CVE-2025-66286 | MEDIUM | Webkitgtk: authorization bypass through webpage::send-request signal handler | EPSS 0.2%
CVE-2025-1284 | MEDIUM | Woocommerce Automatic Order Printing | ( Formerly WooCommerce Google Cloud Print) <= 4.1 - Insecure Direct Object Reference to Authenticated (Subscriber+) Order Information Disclosure | EPSS 0.2%