CWE-639 type flaws

1,572 results
CVE ID | Severity | Title | EPSS
CVE-2026-31956 | MEDIUM | Xibo CMS has Preview and SavedReport IDOR via disableUserCheck without controller-level authorization | EPSS 0.3%
CVE-2026-33678 | HIGH | Vikunja has IDOR in Task Attachment ReadOne Allows Cross-Project File Access and Deletion | EPSS 0.3%
CVE-2026-28225 | MEDIUM | Manyfold has IDOR in ModelFilesController | EPSS 0.3%
CVE-2024-13740 | MEDIUM | ProfileGrid – User Profiles, Groups and Communities <= 5.9.4.2 - Insecure Direct Object Reference to Authenticated (Subscriber+) Private Messages Disclosure | EPSS 0.3%
CVE-2024-4843 | MEDIUM | ePO doesn't allow a regular privileged user to delete tasks or assignments. Insecure direct object references that allow a least privileged | EPSS 0.3%
CVE-2026-6566 | MEDIUM | Photo Gallery, Sliders, Proofing and Themes <= 4.2.0 - Insecure Direct Object Reference to Authenticated (Subscriber+) Image Deletion via REST API | EPSS 0.3%
CVE-2025-8770 | MEDIUM | Authorization Bypass Through User-Controlled Key in GitLab | EPSS 0.3%
CVE-2024-42169 | HIGH | HCL MyXalytics is affected by insecure direct object references | EPSS 0.3%
CVE-2025-9342 | MEDIUM | IDOR in Anadolu Hayat Emeklilik's AHE Mobile | EPSS 0.3%
CVE-2025-63248 | HIGH | DWSurvey 6.14.0 is vulnerable to Incorrect Access Control. When deleting a questionnaire, replacing the questionnaire ID with the ID of anot | EPSS 0.3%
CVE-2025-0661 | MEDIUM | DethemeKit For Elementor <= 2.1.8 - Authenticated (Contributor+) Protected Post Disclosure | EPSS 0.3%
CVE-2025-8057 | MEDIUM | IDOR in Patika Global Technologies' HumanSuite | EPSS 0.3%
CVE-2026-28354 | MEDIUM | ClipBucket v5 has IDOR in Collection Item Management | EPSS 0.3%
CVE-2026-54361 | HIGH | MISP mass assignment vulnerabilities allow unauthorized modification of ownership and delegation records | EPSS 0.3%
CVE-2026-49339 | HIGH | Path traversal in getPlaylist/deletePlaylist bypasses ownership check: any authenticated user can read or delete any other user's playlist | EPSS 0.3%
CVE-2026-44692 | HIGH | Authenticated Sharp users can download unrelated Laravel Storage objects through the generic download endpoint | EPSS 0.3%
CVE-2025-1031 | HIGH | IDOR in Utarit Informatics' SoliClub | EPSS 0.3%
CVE-2026-41279 | HIGH | Flowise: Unauthenticated TTS endpoint accepts arbitrary credential IDs — enables API credit abuse via stored credentials | EPSS 0.3%
CVE-2026-54184 | HIGH | WordPress Clean Login plugin <= 1.15 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.3%
CVE-2025-36365 | MEDIUM | IBM Db2 Privilege Escalation | EPSS 0.3%