CWE-639 flaws

1,564 results
CVE-2025-3640 | MEDIUM | Moodle: idor in web service allows users enrolled in a course to access some details of other users | EPSS 0.3%
CVE-2026-26016 | CRITICAL | Pterodactyl Panel Allows Cross-Node Server Configuration Disclosure via Remote API Missing Authorization | EPSS 0.3%
CVE-2026-28444 | MEDIUM | Typebot: IDOR in Result Logs Endpoint Allows Cross-Workspace Data Disclosure | EPSS 0.3%
CVE-2024-10925 | MEDIUM | Authorization Bypass Through User-Controlled Key in GitLab | EPSS 0.3%
CVE-2025-15096 | HIGH | Videospirecore Theme Plugin <= 1.0.6 - Authenticated (Subscriber+) Privilege Escalation via User Email Change/Account Takeover | EPSS 0.3%
CVE-2026-27329 | MEDIUM | WordPress YITH WooCommerce Wishlist plugin <= 4.12.0 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.3%
CVE-2026-25324 | MEDIUM | WordPress Quiz And Survey Master plugin <= 10.3.4 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.3%
CVE-2026-1271 | MEDIUM | ProfileGrid <= 5.9.7.2 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Profile and Cover Image Modification | EPSS 0.3%
CVE-2026-45732 | HIGH | n8n: Cross-user Authorization Bypass in Dynamic Credential OAuth Endpoints | EPSS 0.3%
CVE-2025-49978 | MEDIUM | WordPress JobSearch plugin < 3.0.6 - Insecure Direct Object References (IDOR) Vulnerability | EPSS 0.3%
CVE-2025-58012 | LOW | WordPress Content Mask plugin <= 1.8.5.3 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.3%
CVE-2025-63065 | MEDIUM | WordPress Media LIbrary Assistant plugin <= 3.29 - Broken Access Control vulnerability | EPSS 0.3%
CVE-2026-6612 | MEDIUM | TransformerOptimus SuperAGI Agent Execution Endpoint agent_execution.py update_agent_execution authorization | EPSS 0.3%
CVE-2026-24599 | MEDIUM | WordPress NextMove Lite plugin <= 2.23.0 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.3%
CVE-2025-12883 | MEDIUM | Campay Woocommerce Payment Gateway <= 1.2.2 - Unauthenticated Payment Bypass | EPSS 0.3%
CVE-2025-12623 | LOW | fushengqian fuint Authentication Token ClientSignController.java authorization | EPSS 0.3%
CVE-2026-7702 | MEDIUM | toeverything AFFiNE Public Markdown Preview Endpoint :docId allowDocPreview authorization | EPSS 0.3%
CVE-2024-4874 | MEDIUM | Bricks Builder <= 1.9.8 - Insecure Direct Object Reference | EPSS 0.3%
CVE-2026-5842 | MEDIUM | decolua 9router Administrative API Endpoint api authorization | EPSS 0.3%
CVE-2025-41020 | HIGH | Insecure direct object reference (IDOR) vulnerability in Sergestec's Exito | EPSS 0.3%