CWE-639 vulnerabilities
1,582 results

CVE-2026-32930 | HIGH | Chamilo LMS has an IDOR in Gradebook Allows Cross-Course Evaluation Edit Without Ownership Check | EPSS 0.2%
CVE-2025-10912 | MEDIUM | IDOR in saastech.io's TemizlikYolda | EPSS 0.2%
CVE-2026-25574 | MEDIUM | Payload Affected by Cross-Collection IDOR in payload-preferences Access Control (Multi-Auth Environments) | EPSS 0.2%
CVE-2025-13874 | MEDIUM | Authorization Bypass Through User-Controlled Key in GitLab | EPSS 0.2%
CVE-2026-32867 | MEDIUM | OPEXUS eComplaint unauthenticated file upload | EPSS 0.2%
CVE-2026-53675 | MEDIUM | BuddyPress 14.4.0 Friends List IDOR via REST API | EPSS 0.2%
CVE-2026-2917 | MEDIUM | Happy Addons for Elementor <= 3.21.0 - Insecure Direct Object Reference to Authenticated (Contributor+) Post Duplication via 'post_id' Parameter | EPSS 0.2%
CVE-2026-2918 | MEDIUM | Happy Addons for Elementor <= 3.21.0 - Insecure Direct Object Reference to Authenticated (Contributor+) Stored Cross-Site Scripting via Template Conditions | EPSS 0.2%
CVE-2024-41254 | MEDIUM | An issue was discovered in litestream v0.3.13. The usage of the ssh.InsecureIgnoreHostKey() disables host key verification, possibly allowin | EPSS 0.2%
CVE-2025-69752 | MEDIUM | An issue in the "My Details" user profile functionality of Ideagen Q-Pulse 7.1.0.32 allows an authenticated user to view other users' profil | EPSS 0.2%
CVE-2025-56254 | MEDIUM | PHPGurukul Employee Leave Management System 2.1 contains an Insecure Direct Object Reference (IDOR) vulnerability in leave-details.php. An a | EPSS 0.2%
CVE-2025-14101 | HIGH | IDOR in GG Soft's PaperWork | EPSS 0.2%
CVE-2026-55583 | HIGH | Twenty: Cross-workspace IDOR in AgentTurnResolver | EPSS 0.2%
CVE-2026-57945 | MEDIUM | PhotoPrism - Unauthorized User Profile Modification via PUT /api/v1/users/{uid} Endpoint | EPSS 0.2%
CVE-2026-2230 | MEDIUM | Booking Calendar <= 10.14.14 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Settings Modification | EPSS 0.2%
CVE-2026-24776 | MEDIUM | OpenProject has an IDOR on MeetingAgendaItems allows cross-project meeting agenda item transfer | EPSS 0.2%
CVE-2026-6063 | MEDIUM | Authorization Bypass Through User-Controlled Key in GitLab | EPSS 0.2%
CVE-2026-1338 | MEDIUM | Authorization Bypass Through User-Controlled Key in GitLab | EPSS 0.2%
CVE-2024-1470 | HIGH | Elevation of Privilege attack on NetIQ Client login extension | EPSS 0.2%
CVE-2026-32039 | MEDIUM | OpenClaw < 2026.2.22 - Sender Authorization Bypass via Identity Collision in toolsBySender | EPSS 0.2%