CWE-639 vulnerabilities

1,581 results
CVE-2025-8794 | MEDIUM | LitmusChaos Litmus LocalStorage authorization | EPSS 0.2%
CVE-2026-5396 | HIGH | Fluent Forms <= 6.1.21 - Authenticated (Subscriber+) Authorization Bypass via 'form_id' Parameter | EPSS 0.2%
CVE-2026-46407 | HIGH | Vvveb: admin/auth-token IDOR allows unauthorized disclosure of administrator REST API tokens | EPSS 0.2%
CVE-2025-67298 | HIGH | An issue in ClasroomIO before v.0.2.6 allows a remote attacker to escalate privileges via the endpoints /api/verify and /rest/v1/profile | EPSS 0.2%
CVE-2026-3073 | MEDIUM | Authorization Bypass Through User-Controlled Key in GitLab | EPSS 0.2%
CVE-2026-30843 | CRITICAL | Wekan has Cross-Board IDOR in Custom Fields Update Endpoints | EPSS 0.2%
CVE-2025-68492 | LOW | Chainlit versions prior to 2.8.5 contain an authorization bypass through user-controlled key vulnerability. If this vulnerability is exploit | EPSS 0.2%
CVE-2025-68071 | MEDIUM | WordPress Essential Real Estate plugin <= 5.3.2 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.2%
CVE-2026-6614 | MEDIUM | TransformerOptimus SuperAGI project.py get_projects_organisation authorization | EPSS 0.2%
CVE-2026-49141 | MEDIUM | WACRM Authorization Bypass via Automation Engine Endpoint | EPSS 0.2%
CVE-2026-6613 | MEDIUM | TransformerOptimus SuperAGI agent.py get_schedule_data authorization | EPSS 0.2%
CVE-2026-25744 | MEDIUM | OpenEMR: POST /api/.../vital Accepts Attacker-Supplied id and Overwrites Arbitrary Vitals | EPSS 0.2%
CVE-2025-13109 | MEDIUM | HUSKY – Products Filter Professional for WooCommerce <= 1.3.7.2 - Authenticated (Subscriber+) Insecure Direct Object Reference via 'woof_add_query/woof_remove_query' | EPSS 0.2%
CVE-2025-41069 | MEDIUM | Insecure Direct Object References (IDOR) in DeporSite of T-Innova DeporSite | EPSS 0.2%
CVE-2025-62180 | HIGH | Pega Platform versions 8.3.0 through Infinity 25.1.2 are affected by an authorization weakness that may allow authenticated users to access certain additional data via crafted URLs. | EPSS 0.2%
CVE-2025-58402 | HIGH | Insecure Direct Object Reference Message ID | EPSS 0.2%
CVE-2025-13452 | MEDIUM | Admin and Customer Messages After Order for WooCommerce: OrderConvo <= 14 - Missing Authorization to Unauthenticated User Impersonation in Order Messages | EPSS 0.2%
CVE-2026-7144 | MEDIUM | 1000 Projects Portfolio Management System MCA update_passwd_process.php authorization | EPSS 0.2%
CVE-2026-40590 | MEDIUM | FreeScout's Customer AJAX Create Modifies Hidden Existing Customer | EPSS 0.2%
CVE-2026-49355 | MEDIUM | OpenProject: Private work package data disclosure through single meeting agenda item API | EPSS 0.2%