CWE-639 flaws

1,565 results
CVE-2018-25129 | HIGH | SOCA Access Control System 180612 Information Disclosure via Multiple Endpoints | EPSS 0.3%
CVE-2026-1987 | MEDIUM | Scheduler Widget <= 0.1.6 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Event Modification | EPSS 0.3%
CVE-2026-47189 | HIGH | Quest Bot: AutoMod removal can delete rules from another guild by global rule ID | EPSS 0.3%
CVE-2025-43790 | HIGH | Insecure Direct Object Reference (IDOR) vulnerability in Liferay Portal 7.4.0 through 7.4.3.124, and Liferay DXP 2024.Q2.0 through 2024.Q2.6 | EPSS 0.3%
CVE-2025-56392 | HIGH | An Insecure Direct Object Reference (IDOR) in the /dashboard/notes endpoint of Syaqui Collegetivity v1.0.0 allows attackers to impersonate o | EPSS 0.3%
CVE-2026-7638 | MEDIUM | App Builder <= 5.5.10 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Avatar Modification via 'user_id' Parameter | EPSS 0.3%
CVE-2025-11741 | MEDIUM | WPC Smart Quick View for WooCommerce <= 4.2.5 - Insecure Direct Object Reference to Unauthenticated Private Product Exposure | EPSS 0.3%
CVE-2025-2271 | HIGH | IDOR in Issuetrak NewAuditID parameter via Inv_PopTrakXShow.asp | EPSS 0.3%
CVE-2025-40650 | HIGH | Insecure Direct Object Reference (IDOR) in Clickedu | EPSS 0.3%
CVE-2026-23488 | MEDIUM | Blinko: multiple interfaces in the comment feature allow unauthorized access | EPSS 0.3%
CVE-2026-4160 | MEDIUM | Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder <= 6.1.21 - Insecure Direct Object Reference in Stripe SCA Confirmation to Unauthenticated Payment Status Modification | EPSS 0.3%
CVE-2024-39900 | MEDIUM | OpenSearch Dashboards Reports does not properly restrict access to private tenant resources | EPSS 0.3%
CVE-2026-32300 | HIGH | Connect CMS: Improper Authorization in the My Page Profile Update Feature Allows Modification of Arbitrary User Information | EPSS 0.3%
CVE-2025-51867 | MEDIUM | Insecure Direct Object Reference (IDOR) vulnerability in Deepfiction AI (deepfiction.ai) thru June 3, 2025, allowing attackers to chat with | EPSS 0.3%
CVE-2025-50340 | MEDIUM | An Insecure Direct Object Reference (IDOR) vulnerability was discovered in SOGo Webmail thru 5.6.0, allowing an authenticated user to send e | EPSS 0.3%
CVE-2025-11519 | MEDIUM | Image optimization service by Optimole <= 4.1.0 - Insecure Direct Object Reference to Authenticated (Author+) Media Offload | EPSS 0.3%
CVE-2026-35584 | MEDIUM | FreeScout has an Unauthenticated IDOR in Open Tracking Endpoint Allows Cross-Conversation Thread Manipulation and Enumeration | EPSS 0.3%
CVE-2026-6965 | MEDIUM | Tutor LMS <= 3.9.9 - Insecure Direct Object Reference to Authenticated (Instructor+) Arbitrary Post Deletion via 'course' GET Parameter | EPSS 0.3%
CVE-2024-52313 | MEDIUM | data.all authenticated users can obtain incorrect object level authorizations | EPSS 0.3%
CVE-2024-10777 | MEDIUM | AnyWhere Elementor <= 1.2.11 - Authenticated (Contributor+) Post Disclosure | EPSS 0.3%