Flaws of type CWE-639

1581 results
CVE-2026-5798 | HIGH | Unsafe Object Reference (IDOR) vulnerability in Stel Order | EPSS 0.2%
CVE-2025-63043 | MEDIUM | WordPress Post Grid and Gutenberg Blocks plugin <= 2.3.23 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.2%
CVE-2026-45297 | MEDIUM | Cross-tenant IDOR on feature-flag and assist-stats routes via {project_id} case mismatch | EPSS 0.2%
CVE-2025-12040 | MEDIUM | Wishlist for WooCommerce <= 1.1.3 - Insecure Direct Object Reference to Unauthenticated Wishlist Manipulation | EPSS 0.2%
CVE-2026-11369 | HIGH | IDOR in Comment API Allows Cross-Process Comment Read and Write | EPSS 0.2%
CVE-2026-40867 | HIGH | Horilla: Unauthorized Helpdesk Attachment Access via Attachment ID Manipulation | EPSS 0.2%
CVE-2026-33425 | MEDIUM | Discourse has inferable private group membership or existence via exclude_groups parameter | EPSS 0.2%
CVE-2026-5750 | HIGH | Insecure direct object reference (IDOR) vulnerability in Fullstep | EPSS 0.2%
CVE-2026-40866 | HIGH | Horilla: Unauthorized Document Overwrite via File Upload Endpoint | EPSS 0.2%
CVE-2026-53911 | MEDIUM | Cerebrate primary key mass assignment in CRUD edit operations allows authenticated users to overwrite unrelated records | EPSS 0.2%
CVE-2025-66556 | LOW | Nextcloud talk allows participants to blindly delete poll drafts of other users by ID | EPSS 0.2%
CVE-2025-66551 | MEDIUM | Nextcloud Tables is missing an ownership check which allows moving columns into tables of other users | EPSS 0.2%
CVE-2023-36331 | HIGH | Incorrect access control in the /member/orderList API of xmall v1.1 allows attackers to arbitrarily access other users' order details via ma | EPSS 0.2%
CVE-2025-3853 | MEDIUM | WPshop 2 – E-Commerce 2.0.0 - 2.6.0 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Key Generation | EPSS 0.2%
CVE-2025-41077 | HIGH | Multiple vulnerabilities in Viafirma products | EPSS 0.2%
CVE-2026-43890 | HIGH | Outline: IDOR in subscriptions.create allows cross-tenant subscription on private documents (sibling of GHSA-23jj-rp48-w7q7) | EPSS 0.2%
CVE-2026-2697 | LOW | Indirect Object Reference (IDOR) in Security Center | EPSS 0.2%
CVE-2026-33700 | MEDIUM | Vikunja has a Link Share Delete IDOR — Missing Project Ownership Check Allows Cross-Project Link Share Deletion | EPSS 0.2%
CVE-2025-11247 | MEDIUM | Authorization Bypass Through User-Controlled Key in GitLab | EPSS 0.2%
CVE-2026-7881 | MEDIUM | Concrete CMS 9.5.0 and below is vulnerable to IDOR in the Express Entry Detail block | EPSS 0.2%