CWE-639 vulnerabilities

1,560 results
CVE-2026-44207 | MEDIUM | Frappe: Insecure Direct Object Reference for email accounts | EPSS 0.3%
CVE-2024-43916 | MEDIUM | WordPress Zephyr Project Manager plugin <= 3.3.102 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.3%
CVE-2025-10759 | MEDIUM | Webkul QloApps CSRF Token authorization | EPSS 0.3%
CVE-2024-10689 | MEDIUM | XLTab – Accordions and Tabs for Elementor Page Builder <= 1.4 - Authenticated (Contributor+) Post Disclosure | EPSS 0.3%
CVE-2024-13841 | MEDIUM | Builder Shortcode Extras – WordPress Shortcodes Collection to Save You Time <= 1.0.0 - Authenticated (Contributor+) Post Disclosure | EPSS 0.3%
CVE-2026-29204 | CRITICAL | Insufficient ownership check in `clientarea.php` allows an authenticated client area user to submit requests using another user’s `addonId` | EPSS 0.3%
CVE-2026-23754 | HIGH | D-Link D-View 8 IDOR Allows Credential Disclosure and Account Takeover | EPSS 0.3%
CVE-2026-40127 | MEDIUM | Authorization Bypass Through User-Controlled Key in OutSystems Lifetime | EPSS 0.3%
CVE-2024-10795 | MEDIUM | Popularis Extra <= 1.2.7 - Authenticated (Contributor+) Post Disclosure | EPSS 0.3%
CVE-2026-2028 | MEDIUM | Maxi Blocks <= 2.1.8 - Missing Authorization to Authenticated (Author+) Media File Deletion via 'old_media_src' Parameter | EPSS 0.3%
CVE-2025-11321 | MEDIUM | zhuimengshaonian wisdom-education WrongBookController.java authorization | EPSS 0.3%
CVE-2026-1213 | MEDIUM | Askbot 0.12.2 - Insecure Direct Object Reference (IDOR) | EPSS 0.3%
CVE-2025-13615 | CRITICAL | StreamTube Core <= 4.78 - Unauthenticated Arbitrary User Password Change | EPSS 0.3%
CVE-2024-31296 | MEDIUM | WordPress BookingPress plugin <= 1.0.81 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.3%
CVE-2024-11146 | MEDIUM | TrueFiling authorization bypass via user-controlled keys | EPSS 0.3%
CVE-2022-3459 | MEDIUM | WooCommerce Multiple Free Gift <= 1.2.3 - Insufficient Server-Side Validation to Arbitrary Gift Adding | EPSS 0.3%
CVE-2025-14996 | CRITICAL | AS Password Field In Default Registration Form <= 2.0.0 - Unauthenticated Privilege Escalation via Account Takeover | EPSS 0.3%
CVE-2026-28444 | MEDIUM | Typebot: IDOR in Result Logs Endpoint Allows Cross-Workspace Data Disclosure | EPSS 0.3%
CVE-2026-26016 | CRITICAL | Pterodactyl Panel Allows Cross-Node Server Configuration Disclosure via Remote API Missing Authorization | EPSS 0.3%
CVE-2025-3640 | MEDIUM | Moodle: idor in web service allows users enrolled in a course to access some details of other users | EPSS 0.3%