CWE-639 vulnerabilities

1,528 results
CVE-2024-10782 | MEDIUM | Theme Builder For Elementor <= 1.2.2 - Authenticated (Contributor+) Post Disclosure | EPSS 0.5%
CVE-2022-40206 | MEDIUM | WordPress wpForo Forum plugin <= 2.0.5 - Insecure direct object references (IDOR) vulnerability | EPSS 0.5%
CVE-2026-7681 | MEDIUM | jsbroks COCO Annotator Dataset API datasets.py authorization | EPSS 0.5%
CVE-2024-13040 | HIGH | Quanta Computer QOCA aim - Authorization Bypass | EPSS 0.5%
CVE-2024-30513 | MEDIUM | WordPress ProfileGrid plugin <= 5.7.2 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.5%
CVE-2024-20513 | MEDIUM | A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an un | EPSS 0.5%
CVE-2024-50685 | CRITICAL | SunGrow iSolarCloud before the October 31, 2024 remediation, is vulnerable to insecure direct object references (IDOR) via the powerStationS | EPSS 0.5%
CVE-2025-61075 | HIGH | Multiple Incorrect Access Control vulnerabilities in adata Software GmbH Mitarbeiterportal 2.15.2.0 allow remote authenticated, low-privileg | EPSS 0.5%
CVE-2024-50689 | CRITICAL | SunGrow iSolarCloud before the October 31, 2024 remediation is vulnerable to insecure direct object references (IDOR) via the orgService API | EPSS 0.5%
CVE-2024-50686 | CRITICAL | SunGrow iSolarCloud before the October 31, 2024 remediation is vulnerable to insecure direct object references (IDOR) via the commonService | EPSS 0.5%
CVE-2026-25654 | HIGH | A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP3). Affected products do not properly validate user authorization wh | EPSS 0.5%
CVE-2024-22305 | HIGH | WordPress Contact Form builder with drag & drop - Kali Forms Plugin <= 2.3.36 is vulnerable to Insecure Direct Object References (IDOR) | EPSS 0.5%
CVE-2026-41947 | CRITICAL | Dify < 1.14.2 Authorization Bypass via Trace Configuration Endpoints | EPSS 0.5%
CVE-2026-30945 | HIGH | StudioCMS: IDOR — Arbitrary API Token Revocation Leading to Denial of Service | EPSS 0.5%
CVE-2026-30823 | HIGH | Flowise: IDOR leading to Account Takeover and Enterprise Feature Bypass via SSO Configuration | EPSS 0.4%
CVE-2023-32747 | MEDIUM | WordPress WooCommerce Bookings Plugin <= 1.15.78 is vulnerable to Insecure Direct Object References (IDOR) | EPSS 0.4%
CVE-2025-25282 | HIGH | Potential Insecure Direct Object Reference (IDOR) vulnerability in ragflow | EPSS 0.4%
CVE-2026-47068 | LOW | Cross-session PubSub topic injection via URL parameter in phoenix_storybook | EPSS 0.4%
CVE-2024-32808 | MEDIUM | WordPress ProfileGrid plugin <= 5.7.9 - Insecure Direct Object Reference (IDOR) vulnerability | EPSS 0.4%
CVE-2024-52511 | MEDIUM | Nextcloud Tables has an Authorization Bypass Through User-Controlled Key in Tables | EPSS 0.4%