CWE-639 vulnerabilities
1,587 results

CVE-2026-2461 | MEDIUM | Missing authorization check allows unauthorized modification of other users' comments on a board | EPSS 0.2%
CVE-2024-5166 | MEDIUM | Insecure Direct Object Reference In Looker | EPSS 0.2%
CVE-2026-28361 | MEDIUM | NocoDB: Missing Ownership Validation in MCP Token Operations | EPSS 0.2%
CVE-2026-6976 | LOW | Authorization Bypass Through User-Controlled Key in GitLab | EPSS 0.2%
CVE-2025-12071 | MEDIUM | Frontend User Notes <= 2.1.0 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Note Modification | EPSS 0.2%
CVE-2025-8884 | MEDIUM | IDOR in VHS Electronic Software's ACE Center | EPSS 0.2%
CVE-2025-12997 | LOW | Insecure Direct Object Reference vulnerability in Medtronic CareLink Network which allows an authenticated attacker with access to specific | EPSS 0.2%
CVE-2026-32535 | MEDIUM | WordPress JS Help Desk plugin <= 3.0.3 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.2%
CVE-2026-47715 | LOW | Bugsink: Issue event views can show an event from another project if its UUID is known | EPSS 0.2%
CVE-2026-6062 | MEDIUM | IDOR in Jira plugin subscription edit endpoint | EPSS 0.2%
CVE-2026-24756 | MEDIUM | Kiteworks Secure Data Forms is vulnerable to Authorization Bypass Through User-Controlled Key | EPSS 0.2%
CVE-2026-56823 | MEDIUM | AutoGPT: IDOR in Webhook Ping Endpoint Allows Enumeration and Cross-User Ping Triggering | EPSS 0.1%
CVE-2025-12881 | MEDIUM | Return Refund and Exchange For WooCommerce <= 4.5.5 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Order Message Read | EPSS 0.1%
CVE-2026-3473 | MEDIUM | Improper file ownership validation in the Boards API allows unauthorised file access | EPSS 0.1%
CVE-2026-47716 | LOW | Bugsink: Issue bulk actions can affect another project’s issue if its UUID is known | EPSS 0.1%
CVE-2023-32189 | MEDIUM | Insecure handling SSH key in SUSE Manager when bootstrapping new clients | EPSS 0.1%
CVE-2025-11690 | HIGH | IDOR vulnerability in the CFMOTO RIDE API | EPSS 0.1%
CVE-2026-24761 | LOW | Kiteworks Secure Data Forms is vulnerable to Authorization Bypass Through User-Controlled Key | EPSS 0.1%
CVE-2026-33141 | MEDIUM | Chamilo LMS has an IDOR in REST API Stats Endpoint Exposes Any User's Learning Data | EPSS 0.1%
CVE-2026-40865 | HIGH | Horilla: Insecure Direct Object Reference at `/employee/view-file/<int:id> | EPSS 0.1%