CWE-639 vulnerabilities
1,560 results

CVE-2025-0352 [HIGH] Rapid Response Monitoring My Security Account App Authorization Bypass Through User-Controlled Key (EPSS 0.3%)
CVE-2026-6810 [MEDIUM] Booking Calendar Contact Form <= 1.2.63 - Authenticated (Subscriber+) Insecure Direct Object Reference to Calendar Takeover (EPSS 0.3%)
CVE-2023-30216 [MEDIUM] Insecure permissions in the updateUserInfo function of newbee-mall before commit 1f2c2dfy allows attackers to obtain user account informatio (EPSS 0.3%)
CVE-2026-2554 [HIGH] WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible <= 6.7.25 - Authenticated (Vendor+) Insecure Direct Object Reference to Arbitrary User Deletion (EPSS 0.3%)
CVE-2026-4654 [MEDIUM] Awesome Support <= 6.3.7 - Authenticated (Subscriber+) Insecure Direct Object Reference to Unauthorized Ticket Reply Access via 'ticket_id' Parameter (EPSS 0.3%)
CVE-2023-3286 [HIGH] A BOLA vulnerability in POST /secretaries in EasyAppointments < 1.5.0 (EPSS 0.3%)
CVE-2026-21409 [HIGH] Improper authorization vulnerability exists in RICOH Streamline NX 3.5.1 to 24R3. If a man-in-the-middle attack is conducted on the communic (EPSS 0.3%)
CVE-2024-13425 [MEDIUM] WP Job Portal <= 2.2.6 - Insecure Direct Object Reference to Authenticated (Employer+) Arbitrary Company Deletion (EPSS 0.3%)
CVE-2025-14974 [MEDIUM] IBM InfoSphere Information Server is vulnerable due to Insecure Direct Object Reference (EPSS 0.3%)
CVE-2026-7399 [HIGH] IDOR in MeWare Software's PDKS (EPSS 0.3%)
CVE-2023-3289 [HIGH] A BOLA vulnerability in POST /services in EasyAppointments < 1.5.0 (EPSS 0.3%)
CVE-2025-2301 [MEDIUM] IDOR in Akbim Software's Online Exam Registration (EPSS 0.3%)
CVE-2024-39033 [HIGH] In Newgensoft OmniDocs 11.0_SP1_03_006, Insecure Direct Object Reference (IDOR) in the getuserproperty function allows user's configuration (EPSS 0.3%)
CVE-2024-13429 [MEDIUM] WP Job Portal <= 2.2.6 - Insecure Direct Object Reference to Authenticated (Employer+) Arbitrary Job Deletion (EPSS 0.3%)
CVE-2025-67909 [HIGH] WordPress Membership For WooCommerce plugin <= 3.0.3 - Insecure Direct Object References (IDOR) vulnerability (EPSS 0.3%)
CVE-2021-27700 [HIGH] SOCIFI Socifi Guest wifi as SAAS wifi portal is affected by Insecure Permissions. Any authorized customer with partner mode can switch to an (EPSS 0.3%)
CVE-2026-3999 [HIGH] Broken access control vulnerability affecting ID Server (EPSS 0.3%)
CVE-2026-28781 [HIGH] Craft Affected by Entries Authorship Spoofing via Mass Assignment (EPSS 0.3%)
CVE-2025-3874 [MEDIUM] WordPress Simple PayPal Shopping Cart <= 5.1.3 - Insecure Direct Object Reference (EPSS 0.3%)
CVE-2024-6534 [MEDIUM] Directus 10.13.0 - Insecure object reference via PATH presets (EPSS 0.3%)