CWE-639 vulnerabilities

1,569 results
CVE-2026-45743 | HIGH | Termix has a File-Manager Session Hijack via Missing Ownership Check (IDOR) | EPSS 0.3%
CVE-2026-7510 | MEDIUM | OWASP DefectDojo Benchmark/Engagement/Product/Survey authorization | EPSS 0.3%
CVE-2026-11500 | LOW | Weaviate Static API Key client.go validateConfig authorization | EPSS 0.3%
CVE-2026-2879 | MEDIUM | GetGenie <= 4.3.2 - Insecure Direct Object Reference to Authenticated (Author+) Arbitrary Post Overwrite/Deletion | EPSS 0.3%
CVE-2025-55795 | LOW | The openml/openml.org web application version v2.0.20241110 uses incremental user IDs and insufficient email ownership verification during e | EPSS 0.3%
CVE-2025-4596 | MEDIUM | Information disclosure via IDOR in Asseco AMDX | EPSS 0.3%
CVE-2024-22455 | MEDIUM | Dell Mobility - E-Lab Navigator, version(s) 3.1.9, 3.2.0, contain(s) an Authorization Bypass Through User-Controlled Key vulnerability. An u | EPSS 0.3%
CVE-2026-32894 | HIGH | Chamilo LMS has an IDOR in Gradebook Allows Cross-Course Deletion of Any Student's Grade Result | EPSS 0.3%
CVE-2026-25564 | HIGH | WeKan < 8.19 Checklist Deletion IDOR via Missing Relationship Validation | EPSS 0.3%
CVE-2026-33030 | HIGH | Nginx UI: Unencrypted Storage of DNS API Tokens and ACME Private Keys | EPSS 0.3%
CVE-2026-25563 | HIGH | WeKan < 8.19 Checklist Creation Cross-Board IDOR | EPSS 0.3%
CVE-2025-66911 | MEDIUM | Turms IM Server v0.10.0-SNAPSHOT and earlier contains a broken access control vulnerability in the user online status query functionality. T | EPSS 0.3%
CVE-2025-51479 | MEDIUM | Authorization bypass in update_user_group in onyx-dot-app Onyx Enterprise Edition 0.27.0 allows remote authenticated attackers to modify arb | EPSS 0.3%
CVE-2026-46558 | HIGH | Plane: Cross-workspace asset authorization bypass lets any authenticated user read, copy, delete, and overwrite assets in other Plane workspaces | EPSS 0.3%
CVE-2026-53470 | CRITICAL | Migration-planner: getsourcedownloadurl missing organization check | EPSS 0.3%
CVE-2026-12102 | LOW | UsersWP <= 1.2.63 - Insecure Direct Object Reference to Authenticated (Editor+) Arbitrary User Avatar/Banner Reset via 'user_id' Parameter | EPSS 0.3%
CVE-2025-40658 | MEDIUM | Insecure Direct Object Reference (IDOR) vulnerability in DM Corporative CMS | EPSS 0.3%
CVE-2025-40660 | MEDIUM | Insecure Direct Object Reference (IDOR) vulnerability in DM Corporative CMS | EPSS 0.3%
CVE-2025-4040 | HIGH | IDOR in Turpak's Automatic Station Monitoring System | EPSS 0.3%
CVE-2026-8828 | HIGH | A lack of authorization validation in version 1.0.0 or later of the ChromaDB Rust project allows any authenticated users to arbitrarily read | EPSS 0.3%