CWE-639 flaws

1,585 results
CVE-2026-5875 | MEDIUM | Policy bypass in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Ch | EPSS 0.2%
CVE-2023-40200 | MEDIUM | WordPress WP Logo Showcase Responsive Slider and Carousel plugin <= 3.6 - Broken Access Control vulnerability | EPSS 0.2%
CVE-2026-42291 | MEDIUM | SysReptor: Read-write access to personal notes by sharing-link creation with no authorization in SysReptor Professional | EPSS 0.2%
CVE-2026-22050 | MEDIUM | ONTAP versions 9.16.1 prior to 9.16.1P9 and 9.17.1 prior to 9.17.1P2 with snapshot locking enabled are susceptible to a vulnerability which | EPSS 0.2%
CVE-2025-41086 | MEDIUM | Authorization bypass in GAMS from GAMS Development Corp. | EPSS 0.2%
CVE-2026-57652 | MEDIUM | WordPress JS Help Desk plugin <= 3.1.0 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.2%
CVE-2026-57665 | MEDIUM | WordPress GravityView plugin <= 3.0.0 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.2%
CVE-2025-12063 | MEDIUM | An insecure direct object reference allowed a non-admin user to modify or remove certain data objects without having the appropriate permiss | EPSS 0.2%
CVE-2025-13125 | MEDIUM | IDOR in Im Park's DijiDemi | EPSS 0.2%
CVE-2026-44731 | MEDIUM | OpenProject: Improper Access Control on OpenProject through /projects/[projectName]/meetings via "invited_user_id" in GET parameter "filters" leads to user names disclosure | EPSS 0.2%
CVE-2026-39967 | LOW | TypeBot: Cross-Typebot Result Data Access via Missing typebotId Filter | EPSS 0.2%
CVE-2026-54322 | HIGH | Daytona: Cross-org IDOR in organization role update/delete — any org owner can rewrite or destroy another org's roles | EPSS 0.2%
CVE-2026-24631 | MEDIUM | WordPress Rosebud theme <= 1.4 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.2%
CVE-2026-57634 | MEDIUM | WordPress PPWP plugin <= 1.9.19 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.2%
CVE-2025-69029 | MEDIUM | WordPress Struktur theme <= 2.5.1 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.2%
CVE-2026-52779 | MEDIUM | OpenProject: Cross-project authorization bypass allows deleting public Calendar and Team Planner queries from unauthorized projects | EPSS 0.2%
CVE-2025-69030 | MEDIUM | WordPress Backpack Traveler theme <= 2.10.3 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.2%
CVE-2025-69032 | MEDIUM | WordPress FiveStar theme <= 1.7 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.2%
CVE-2026-23638 | MEDIUM | Kiteworks Secure Data Forms is vulnerable to Authorization Bypass Through User-Controlled Key | EPSS 0.2%
CVE-2026-57676 | MEDIUM | WordPress Simple User Avatar plugin <= 4.9 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.2%