CWE-639 vulnerabilities

1,580 results
CVE-2025-14882 | LOW | Insecure direct object reference | EPSS 0.2%
CVE-2026-42517 | HIGH | Cryptographic Failure Vulnerability in e-Sushrut HMIS | EPSS 0.2%
CVE-2026-41406 | LOW | OpenClaw < 2026.3.31 - Sender Allowlist Bypass via Thread History and Quoted Messages | EPSS 0.2%
CVE-2026-43917 | MEDIUM | Dokploy: Cross-Organization IDOR - Multiple tRPC endpoints missing activeOrganizationId validation | EPSS 0.2%
CVE-2026-45342 | HIGH | LinkAce: IDOR in Update Policies Allows Any Authenticated User to Overwrite Other Users' Links, Lists, Tags, and Notes | EPSS 0.2%
CVE-2026-54009 | MEDIUM | Open WebUI: Cross-user file disclosure via /api/chat/completions image_url field | EPSS 0.2%
CVE-2026-30825 | NONE | hoppscotch: IDOR - Any authenticated user can revoke any other user's Personal Access Token | EPSS 0.2%
CVE-2025-27436 | MEDIUM | Broken Access Control vulnerabilities in SAP S/4HANA (Manage Bank Statements) | EPSS 0.2%
CVE-2026-11461 | MEDIUM | NousResearch hermes-agent resume Endpoint hermes_state.py resolve_session_by_title authorization | EPSS 0.2%
CVE-2026-35489 | HIGH | Tandoor Recipes — `amount`/`unit` bypass serializer in `food/{id}/shopping/` | EPSS 0.2%
CVE-2026-26078 | HIGH | Discourse has authentication bypass vulnerability in the Patreon plugin webhook endpoint | EPSS 0.2%
CVE-2025-65032 | MEDIUM | Rallly Has an IDOR Vulnerability in Participant Rename Function Allows Unauthorized Modification of Other Users’ Names | EPSS 0.2%
CVE-2025-65028 | MEDIUM | Rallly Has an IDOR Vulnerability in Vote Update Endpoint Allows Unauthorized Manipulation of Participant Votes | EPSS 0.2%
CVE-2025-0640 | MEDIUM | IDOR in Akinsoft's OctoCloud | EPSS 0.2%
CVE-2026-10154 | MEDIUM | Dolibarr ERP CRM messaging.php authorization | EPSS 0.2%
CVE-2025-0670 | MEDIUM | IDOR in Akinsoft's ProKuafor | EPSS 0.2%
CVE-2026-57498 | CRITICAL | Coolify Cross-Team IDOR: Livewire Components Accept Unscoped server_id and destination_uuid — Deploy to Other Teams' Servers | EPSS 0.2%
CVE-2025-55621 | MEDIUM | An Insecure Direct Object Reference (IDOR) vulnerability in Reolink v4.54.0.4.20250526 allows unauthorized attackers to access and download | EPSS 0.2%
CVE-2026-30857 | MEDIUM | WeKnora: Unauthorized Cross‑Tenant Knowledge Base Cloning | EPSS 0.2%
CVE-2025-14742 | MEDIUM | WP Recipe Maker <= 10.2.3 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure | EPSS 0.2%