CWE-639 vulnerabilities
1,587 results

CVE-2026-13350 | LOW | Permissions were checked incorrectly during room creation, allowing attackers to create rooms of types they shouldn't be allowed to create. | EPSS 0.2%
CVE-2023-26237 | MEDIUM | An issue was discovered in WatchGuard EPDR 8.0.21.0002. It is possible to bypass the defensive capabilities by adding a registry key as SYST | EPSS 0.2%
CVE-2026-54015 | MEDIUM | Open WebUI: Prompt history IDOR: unbound history_id allows cross-prompt read and deletion | EPSS 0.2%
CVE-2026-53863 | MEDIUM | OpenClaw < 2026.4.25 - Unvalidated Group ID Acceptance in Tool Group Policy | EPSS 0.2%
CVE-2026-40784 | HIGH | WordPress FluentBoards plugin <= 1.91.2 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.2%
CVE-2025-12766 | MEDIUM | Insecure Direct Object Reference (IDOR) vulnerability in the Management Console of affected versions of BlackBerry AtHoc. | EPSS 0.2%
CVE-2026-41906 | HIGH | FreeScout: Conversation Change-Customer Cross-Mailbox Authorization Bypass | EPSS 0.2%
CVE-2026-30884 | CRITICAL | mdjnelson/moodle-mod_customcert Vulnerable to Authorization Bypass Through User-Controlled Key | EPSS 0.2%
CVE-2026-20219 | MEDIUM | A vulnerability in the REST API of Cisco Slido could have allowed an authenticated, remote attacker to access the social profile data of oth | EPSS 0.2%
CVE-2025-12087 | MEDIUM | Wishlist and Save for later for Woocommerce <= 1.1.22 - Insecure Direct Object Reference to Authenticated (Subscriber+) Wishlist Item Deletion | EPSS 0.2%
CVE-2026-49338 | HIGH | Subsonic API: any authenticated user can delete or read any other user's playlist (IDOR) | EPSS 0.2%
CVE-2023-30059 | MEDIUM | An insecure direct object reference in MK-Auth 23.01K4.9 allows attackers to access and send support calls for other users via manipulation | EPSS 0.2%
CVE-2026-43883 | MEDIUM | WWBN AVideo: IDOR in PayPalYPT agreementCancel.json.php Allows Any Authenticated User to Cancel Arbitrary PayPal Subscription Agreements | EPSS 0.2%
CVE-2026-27898 | MEDIUM | Vaultwarden: Unauthorized Access via Partial Update API on Another User’s Cipher | EPSS 0.2%
CVE-2021-4142 | — | The Candlepin component of Red Hat Satellite was affected by an improper authentication flaw. Few factors could allow an attacker to use the | EPSS 0.2%
CVE-2026-35165 | MEDIUM | LORIS has incorrect access checks in document_repository | EPSS 0.2%
CVE-2025-65096 | MEDIUM | RomM Insecure Direct Object Reference (IDOR) Allows Unauthorized Access to Private Collections | EPSS 0.2%
CVE-2025-14594 | LOW | Authorization Bypass Through User-Controlled Key in GitLab | EPSS 0.2%
CVE-2025-12086 | MEDIUM | Return Refund and Exchange For WooCommerce <= 4.5.5 - Insecure Direct Object Reference to Authenticated (Subscriber+) Refund Request Cancellation | EPSS 0.2%
CVE-2026-27881 | MEDIUM | Coolify: Cross-team deployment information disclosure via GET /api/v1/deployments/{uuid} (IDOR) | EPSS 0.2%