Flaws of type CWE-639

1,565 results
CVE ID          Severity  Title                                                                                                                                      EPSS
CVE-2025-50340  MEDIUM    An Insecure Direct Object Reference (IDOR) vulnerability was discovered in SOGo Webmail thru 5.6.0, allowing an authenticated user to send e  0.3%
CVE-2025-5261   HIGH      IDOR in PozitifIK's Pik Online                                                                                                             0.3%
CVE-2025-11519  MEDIUM    Image optimization service by Optimole <= 4.1.0 - Insecure Direct Object Reference to Authenticated (Author+) Media Offload                0.3%
CVE-2026-40043  HIGH      Pachno 1.0.6 Authentication Bypass via runSwitchUser()                                                                                     0.3%
CVE-2025-9835   MEDIUM    macrozheng mall cancelUserOrder cancelOrder authorization                                                                                  0.3%
CVE-2026-4630   MEDIUM    Keycloak: keycloak: unauthorized resource access and data modification via insecure direct object reference                                0.3%
CVE-2026-28503  MEDIUM    Tandoor Recipes has Cross-Space IDOR in SyncViewSet.query_synced_folder: missing space scoping on get_object_or_404                        0.3%
CVE-2024-12131  MEDIUM    WP Job Portal – A Complete Recruitment System for Company or Job Board website <= 2.2.5 - Authenticated (Subscriber+) Insecure Direct Object Reference  0.3%
CVE-2026-35478  HIGH      InvenTree has Arbitrary API Token Creation                                                                                                 0.3%
CVE-2024-12309  MEDIUM    Rate My Post – Star Rating Plugin by FeedbackWP <= 4.2.4 - Unauthenticated Voting On Scheduled Posts                                      0.3%
CVE-2024-10779  MEDIUM    Cowidgets – Elementor Addons <= 1.2.0 - Authenticated (Contributor+) Post Disclosure                                                       0.3%
CVE-2026-34832  MEDIUM    Scoold: Cross-Account Feedback Deletion (IDOR)                                                                                             0.3%
CVE-2024-13873  MEDIUM    WP Job Portal <= 2.2.8 - Insecure Direct Object Reference to Authenticated (Subscriber+) User Photo Disconnection                          0.3%
CVE-2024-13832  MEDIUM    Ultra Addons Lite for Elementor <= 1.1.8 - Authenticated (Contributor+) Restricted Post Disclosure                                         0.3%
CVE-2024-33373  MEDIUM    An issue in the LB-LINK BL-W1210M v2.0 router allows attackers to bypass password complexity requirements and set single digit passwords for  0.3%
CVE-2026-6570   MEDIUM    kodcloud KodExplorer systemMember.class.php initInstall authorization                                                                      0.3%
CVE-2026-3605   HIGH      Vault KVv2 Metadata and Secret Deletion Policy Bypass Denial-of-Service                                                                    0.3%
CVE-2026-42456  MEDIUM    AnythingLLM: Cross-User TTS Audio Disclosure via Chat ID (IDOR)                                                                            0.3%
CVE-2024-10667  MEDIUM    Content Slider Block – Create fully functional slider with Gutenberg block <= 3.1.5 - Authenticated (Contributor+) Post Disclosure         0.3%
CVE-2025-65098  HIGH      Typebot Vulnerable to Credential Theft via Client-Side Script Execution and API Authorization Bypass                                       0.3%