Vulnerabilities of type CWE-639

1587 results
CVE-2026-14209 | MEDIUM | Keycloak-admin-ui: keycloak-admin-ui: keycloak: admin ui extension brute-force-user endpoint bypasses fgapv2 user view restrictions | EPSS 0.2%
CVE-2026-43934 | MEDIUM | e107: Broken Access Control in e107 comment edit allows cross-user comment modification | EPSS 0.2%
CVE-2026-42572 | MEDIUM | Hatchet: Cross-tenant information disclosure in `listTasksByDAGIds` | EPSS 0.2%
CVE-2026-57646 | MEDIUM | WordPress Majestic Support plugin <= 1.1.7 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.2%
CVE-2026-31869 | MEDIUM | Discourse: Composer mentions endpoint leaks hidden group membership through PM `allowed_names` check | EPSS 0.2%
CVE-2025-64282 | MEDIUM | WordPress Radius Blocks plugin <= 2.2.1 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.2%
CVE-2026-35023 | MEDIUM | Wimi Teamwork On-Premises < 8.2.0 IDOR via preview.php | EPSS 0.2%
CVE-2026-31832 | MEDIUM | Umbraco Backoffice API Allows Unauthorized Modification of Domain Data | EPSS 0.2%
CVE-2026-54006 | MEDIUM | Open WebUI: Calendar event re-parenting allows writing events into another user's calendar | EPSS 0.2%
CVE-2025-10570 | MEDIUM | Flexible Refund and Return Order for WooCommerce <= 1.0.38 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Order Refund | EPSS 0.2%
CVE-2026-1228 | MEDIUM | Timeline Block <= 1.3.3 - Insecure Direct Object Reference to Authenticated (Author+) Private Timeline Exposure via Shortcode Attribute | EPSS 0.2%
CVE-2026-41127 | MEDIUM | BigBlueButton's missing authorization allows viewer to inject/overwrite captions | EPSS 0.2%
CVE-2025-6833 | MEDIUM | All in One Time Clock Lite – Tracking Employee Time Has Never Been Easier <= 2.0 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Clocking In/Out | EPSS 0.2%
CVE-2025-65097 | HIGH | Insecure Direct Object Reference (IDOR) Allows Unauthorized Deletion of User Collections | EPSS 0.2%
CVE-2026-48067 | MEDIUM | Filament: Inconsistent scope enforcement for AttachAction and AssociateAction Select fields | EPSS 0.2%
CVE-2025-40773 | MEDIUM | A vulnerability has been identified in SiPass integrated (All versions < V3.0). Affected server applications contains a broken access contro | EPSS 0.2%
CVE-2026-57956 | MEDIUM | SigNoz 0.130.1 - Cross-Organization Insecure Direct Object Reference in Alert Rules | EPSS 0.2%
CVE-2025-12126 | MEDIUM | The Total Book Project <= 1.0 - Insecure Direct Object Reference to Authenticated (Contributor+) Book Manipulation | EPSS 0.2%
CVE-2025-12954 | LOW | Timetable and Event Schedule by MotoPress < 2.4.16 - Contributor+ Event Disclosure via IDOR | EPSS 0.2%
CVE-2026-28747 | HIGH | Milesight Cameras Authorization Bypass Through User-Controlled Key | EPSS 0.2%