CWE-639 vulnerabilities
1,575 results

CVE-2025-27927 | MEDIUM | Growatt Cloud portal Authorization Bypass Through User-Controlled Key | EPSS 0.3%
CVE-2025-31933 | MEDIUM | Growatt Cloud Applications Authorization Bypass Through User-Controlled Key | EPSS 0.3%
CVE-2026-44776 | MEDIUM | Kavita: IDOR in /api/Download/* | EPSS 0.3%
CVE-2025-31950 | MEDIUM | Growatt Cloud portal Authorization Bypass Through User-Controlled Key | EPSS 0.3%
CVE-2025-13748 | MEDIUM | Fluent Forms <= 6.1.7 - Unauthenticated Insecure Direct Object Reference to Payment Status Tampering via submission_id | EPSS 0.3%
CVE-2025-9081 | LOW | IDOR in board file download allows any user to download any file by UUID | EPSS 0.3%
CVE-2026-1206 | MEDIUM | Elementor Website Builder <= 3.35.7 - Incorrect Authorization to Authenticated (Contributor+) Sensitive Information Exposure via Elementor Template | EPSS 0.3%
CVE-2025-12524 | MEDIUM | Post Type Switcher <= 4.0.0 - Insecure Direct Object Reference to Authenticated (Author+) Post Type Change | EPSS 0.3%
CVE-2022-48505 | — | This issue was addressed with improved data protection. This issue is fixed in macOS Ventura 13. An app may be able to modify protected part | EPSS 0.3%
CVE-2025-27929 | MEDIUM | Growatt Cloud portal Authorization Bypass Through User-Controlled Key | EPSS 0.3%
CVE-2026-42463 | HIGH | SQLBot: Unauthorized Access Vulnerability | EPSS 0.2%
CVE-2025-50849 | HIGH | CS Cart 4.18.3 is vulnerable to Insecure Direct Object Reference (IDOR). The user profile functionality allows enabling or disabling sticker | EPSS 0.2%
CVE-2025-11895 | MEDIUM | Binary MLM Plan <= 5.0 - Authenticated (Subscriber+) Insecure Direct Object Reference | EPSS 0.2%
CVE-2025-62241 | MEDIUM | Insecure Direct Object Reference (IDOR) vulnerability with shipment addresses in Liferay DXP 2023.Q4.1 through 2023.Q4.5 allows remote authe | EPSS 0.2%
CVE-2026-40570 | MEDIUM | FreeScout's Missing Authorization in load_customer_info Allows Any Authenticated User to Access Full Customer PII | EPSS 0.2%
CVE-2026-40792 | MEDIUM | WordPress KiviCare plugin <= 4.2.1 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.2%
CVE-2025-13389 | MEDIUM | Admin and Customer Messages After Order for WooCommerce: OrderConvo <= 14 - Missing Authorization to Unauthenticated Information Disclosure | EPSS 0.2%
CVE-2024-8988 | MEDIUM | PeepSo Core: File Uploads <= 6.4.6.0 - Insecure Direct Object Reference to Unauthenticated Sensitive Information Exposure via file_download | EPSS 0.2%
CVE-2026-49386 | MEDIUM | In JetBrains YouTrack before 2026.1.13570 improper access control allowed enumeration of restricted issues and articles on Planning Canvas | EPSS 0.2%
CVE-2026-7787 | HIGH | Unauthenticated Session History Access via Public Flow Execution | EPSS 0.2%