CWE-639 vulnerabilities
1,501 results

CVE | Severity | Description | EPSS
CVE-2021-37628 | HIGH | File Drop can be bypassed using Richdocuments app in nextcloud | EPSS 2.0%
CVE-2023-3105 | HIGH | LearnDash LMS <= 4.6.0 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary User Password Change | EPSS 2.0%
CVE-2022-45927 | HIGH | An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The Java application server can be used to bypass the authen | EPSS 1.9%
CVE-2021-32654 | HIGH | Attacker can obtain write access to any federated share/public link | EPSS 1.8%
CVE-2022-0686 | MEDIUM | Authorization Bypass Through User-Controlled Key in unshiftio/url-parse | EPSS 1.8%
CVE-2025-4210 | MEDIUM | Casdoor SCIM User Creation Endpoint scim.go HandleScim authorization | EPSS 1.8%
CVE-2021-24892 | — | Advanced Forms < 1.6.9 - Subscriber+ Arbitrary User Email Address Update via IDOR | EPSS 1.8%
CVE-2022-0512 | HIGH | Authorization Bypass Through User-Controlled Key in unshiftio/url-parse | EPSS 1.8%
CVE-2020-8154 | — | An Insecure direct object reference vulnerability in Nextcloud Server 18.0.2 allowed an attacker to remote wipe devices of other users when | EPSS 1.8%
CVE-2023-44981 | CRITICAL | Apache ZooKeeper: Authorization bypass in SASL Quorum Peer Authentication | EPSS 1.7%
CVE-2021-41129 | HIGH | Authentication bypass in Pterodactyl | EPSS 1.7%
CVE-2022-1165 | — | Blackhole for Bad Bots < 3.3.2 - Arbitrary IP Address Blocking via IP Spoofing | EPSS 1.6%
CVE-2021-24562 | — | LifterLMS < 4.21.2 - Access Other Student Grades/Answers via IDOR | EPSS 1.6%
CVE-2021-41307 | HIGH | Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view the names of private projects and | EPSS 1.6%
CVE-2024-46528 | MEDIUM | An Insecure Direct Object Reference (IDOR) vulnerability in KubeSphere 4.x before 4.1.3 and 3.x through 3.4.1 and KubeSphere Enterprise 4.x | EPSS 1.6%
CVE-2022-3805 | HIGH | Jeg Elementor Kit <= 2.5.6 - Unauthenticated Authorization Bypass | EPSS 1.6%
CVE-2022-0613 | MEDIUM | Authorization Bypass Through User-Controlled Key in medialize/uri.js | EPSS 1.6%
CVE-2021-41306 | HIGH | Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view private project and filter names via an | EPSS 1.6%
CVE-2024-9617 | MEDIUM | IDOR in danswer-ai/danswer | EPSS 1.6%
CVE-2022-0639 | MEDIUM | Authorization Bypass Through User-Controlled Key in unshiftio/url-parse | EPSS 1.5%