CWE-639 vulnerabilities
1,587 results

CVE-2026-45563 [MEDIUM] Roxy-WI: IDOR — any authenticated user can read another user's full action history (EPSS 0.2%)
CVE-2026-27956 [MEDIUM] Coolify: Cross-team application domain enumeration via domains_by_server endpoint (EPSS 0.2%)
CVE-2025-53357 [MEDIUM] GLPI permits reservation modification by unauthorized users (EPSS 0.2%)
CVE-2026-9799 [MEDIUM] Keycloak: keycloak: unauthorized access to resources via uma permission ticket bypass (EPSS 0.2%)
CVE-2026-8347 [LOW] Concrete CMS 9.5.0 and below is vulnerable to IDOR + wrong-authorization-level in Express association Reorder dialog (EPSS 0.2%)
CVE-2026-35173 [MEDIUM] Chyrp Lite has an IDOR via Mass Assignment in Post Model (EPSS 0.2%)
CVE-2026-2997 [MEDIUM] WisdomGarden|Tronclass - Insecure Direct Object Reference (EPSS 0.2%)
CVE-2026-33703 [HIGH] Chamilo LMS Critical IDOR: Any Authenticated User Can Extract All Users’ Personal Data and API Tokens (EPSS 0.2%)
CVE-2026-40896 [MEDIUM] OpenProject has Cross-Project Meeting Agenda Item Injection via Unscoped Section Lookup (EPSS 0.2%)
CVE-2025-61950 [MEDIUM] In GroupSession, a Circular notice can be created with its memo field non-editable, but the authorization check is improperly implemented. W (EPSS 0.2%)
CVE-2026-24753 [MEDIUM] Kiteworks Secure Data Forms is vulnerable to Authorization Bypass Through User-Controlled Key (EPSS 0.2%)
CVE-2025-7733 [MEDIUM] WP JobHunt <= 7.7 - Authenticated (Candidate+) Insecure Direct Object Reference (EPSS 0.2%)
CVE-2026-34584 [MEDIUM] listmonk: Broken Access Control in CSV Import (Unauthorized List Assignment) (EPSS 0.2%)
CVE-2026-5309 [MEDIUM] Authorization Bypass Through User-Controlled Key in GitLab (EPSS 0.2%)
CVE-2026-3139 [MEDIUM] User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor <= 3.15.5 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Post Author Reassignment via Avatar Field (EPSS 0.2%)
CVE-2026-32533 [MEDIUM] WordPress LatePoint plugin <= 5.2.6 - Insecure Direct Object References (IDOR) vulnerability (EPSS 0.2%)
CVE-2025-67594 [MEDIUM] WordPress Thim Elementor Kit plugin <= 1.3.3 - Insecure Direct Object References (IDOR) vulnerability (EPSS 0.2%)
CVE-2026-22489 [MEDIUM] WordPress Image Slider Slideshow plugin <= 1.8 - Insecure Direct Object References (IDOR) vulnerability (EPSS 0.2%)
CVE-2026-13350 [LOW] Permissions were checked incorrectly during room creation, allowing attackers to create rooms of types they shouldn't be allowed to create. (EPSS 0.2%)
CVE-2023-26237 [MEDIUM] An issue was discovered in WatchGuard EPDR 8.0.21.0002. It is possible to bypass the defensive capabilities by adding a registry key as SYST (EPSS 0.2%)