CWE-639 vulnerabilities
1,572 results

| CVE | Severity | Title | EPSS |
|---|---|---|---|
| CVE-2026-3124 | HIGH | Download Monitor <= 5.1.7 - Insecure Direct Object Reference to Unauthenticated Arbitrary Order Completion via 'token' and 'order_id' | 0.3% |
| CVE-2026-32694 | MEDIUM | Insecure Direct Object Reference attack via predictable secret ID in Juju | 0.3% |
| CVE-2026-9099 | HIGH | Keycloak: group-admin escalation to realm-admin | 0.3% |
| CVE-2025-9836 | MEDIUM | macrozheng mall paySuccess authorization | 0.3% |
| CVE-2025-68975 | MEDIUM | WordPress Eagle Booking plugin <= 1.3.4.3 - Insecure Direct Object References (IDOR) vulnerability | 0.3% |
| CVE-2026-42863 | HIGH | Flowise: Mass Assignment in Chatflow Update Endpoint Allows Cross-Workspace AgentFlow Reassignment | 0.3% |
| CVE-2026-34055 | HIGH | OpenEMR has IDOR in Patient Notes Web UI allows unauthorized note access/modification | 0.3% |
| CVE-2026-45552 | CRITICAL | Roxy-WI: Cross-tenant authorization bypass on /install/* — guest can run Ansible / SSH on every registered server | 0.3% |
| CVE-2026-35045 | HIGH | Tandoor Recipes Affected by Private Recipe Exposure and Unauthorized Modification | 0.3% |
| CVE-2026-42279 | MEDIUM | solidtime: Time entry update endpoint allows cross-organization modification of a known time-entry UUID | 0.3% |
| CVE-2026-56774 | MEDIUM | Kanboard - Cross-User Deletion of Persistent Login Sessions via Unvalidated Session ID | 0.3% |
| CVE-2026-27708 | HIGH | FOSSBilling: IDOR in Servicecustom Client API allows cross-client data access | 0.3% |
| CVE-2026-31956 | MEDIUM | Xibo CMS has Preview and SavedReport IDOR via disableUserCheck without controller-level authorization | 0.3% |
| CVE-2026-28225 | MEDIUM | Manyfold has IDOR in ModelFilesController | 0.3% |
| CVE-2025-7347 | HIGH | IDOR in Dinibh Puzzle's Dinibh Patrol Tracking System | 0.3% |
| CVE-2024-13740 | MEDIUM | ProfileGrid – User Profiles, Groups and Communities <= 5.9.4.2 - Insecure Direct Object Reference to Authenticated (Subscriber+) Private Messages Disclosure | 0.3% |
| CVE-2025-64105 | MEDIUM | FOSSBilling: IDOR Vulnerability in Support Ticket Creation | 0.3% |
| CVE-2026-33678 | HIGH | Vikunja has IDOR in Task Attachment ReadOne Allows Cross-Project File Access and Deletion | 0.3% |
| CVE-2024-4843 | MEDIUM | ePO doesn't allow a regular privileged user to delete tasks or assignments. Insecure direct object references that allow a least privileged | 0.3% |
| CVE-2025-8770 | MEDIUM | Authorization Bypass Through User-Controlled Key in GitLab | 0.3% |