CWE-639 type flaws
1,548 results

CVE | Severity | Title | EPSS
CVE-2026-33511 | HIGH | pyload-ng: Authentication Bypass via Host Header Injection in ClickNLoad | 0.4%
CVE-2026-46544 | MEDIUM | Microsoft UFO reuses client-supplied WebSocket session IDs and replays stale task results to new authenticated requesters | 0.4%
CVE-2026-52799 | HIGH | Gogs: Missing Authorization in Attachment Download | 0.4%
CVE-2023-7286 | MEDIUM | ACF Quick Edit Fields <= 3.2.2 - Authenticated (Contributor+) Insecure Direct Object Reference | 0.4%
CVE-2024-1693 | MEDIUM | SP Project & Document Manager <= 4.70 - Authenticated (Subscriber+) Arbitrary Folder Name Update | 0.4%
CVE-2025-3089 | MEDIUM | Broken Access Control in ServiceNow AI Platform | 0.4%
CVE-2021-47721 | HIGH | Orangescrum 1.8.0 Authenticated Privilege Escalation via User Session Manipulation | 0.4%
CVE-2023-2172 | MEDIUM | BadgeOS <= 3.7.1.6 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Post Title Overwrite | 0.4%
CVE-2025-28874 | MEDIUM | WordPress BP Email Assign Templates By shanebp plugin <= 1.7 - Arbitrary Content Deletion vulnerability | 0.4%
CVE-2025-14844 | HIGH | Membership Plugin – Restrict Content <= 3.2.16 - Missing Authentication to Insecure Direct Object Reference and Sensitive Information Exposure | 0.4%
CVE-2023-2173 | MEDIUM | BadgeOS <= 3.7.1.6 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Post Deletion | 0.4%
CVE-2024-4279 | MEDIUM | Tutor LMS – eLearning and online course solution <= 2.7.0 - Authenticated (Instructor+) Insecure Direct Object Reference to Arbitrary Course Deletion | 0.4%
CVE-2026-33345 | MEDIUM | solidtime vulnerable to IDOR in private projects | 0.4%
CVE-2025-22931 | HIGH | An insecure direct object reference (IDOR) in the component /assets/stafffiles of OS4ED openSIS v7.0 to v9.1 allows unauthenticated attacker | 0.4%
CVE-2024-12116 | MEDIUM | Unlimited Theme Addon For Elementor and WooCommerce <= 1.2.2 - Authenticated (Contributor+) Post Disclosure | 0.4%
CVE-2026-20912 | CRITICAL | Gitea: Cross-Repository Authorization Bypass via Release Attachment Linking Leads to Private Attachment Disclosure | 0.4%
CVE-2023-38049 | CRITICAL | A BOLA vulnerability in GET, PUT, DELETE /appointments/{appointmentId} in EasyAppointments < 1.5.0 | 0.4%
CVE-2026-20897 | CRITICAL | Gitea Git LFS Lock Deletion Broken Access Control (Cross-Repo IDOR) | 0.4%
CVE-2025-6329 | MEDIUM | ScriptAndTools Real Estate Management System User Delete userdelete.php authorization | 0.4%
CVE-2025-26788 | HIGH | StrongKey FIDO Server before 4.15.1 treats a non-discoverable (namedcredential) flow as a discoverable transaction. | 0.4%