Flaws of type CWE-639
1,590 results

CVE-2026-5138 | MEDIUM | Foreman: foreman: information disclosure via improper validation of nested request parameters | EPSS —
CVE-2026-50283 | MEDIUM | Craft CMS: Unauthorized Deletion of Source Assets During File Replacement | EPSS —
CVE-2026-5348 | MEDIUM | Academy LMS <= 3.8.1 - Unauthenticated Insecure Direct Object Reference to Private Topic Disclosure | EPSS —
CVE-2026-5142 | MEDIUM | Foreman: foreman: cross-tenant private ssh key disclosure via taxonomy scoping bypass | EPSS —
CVE-2026-53903 | MEDIUM | Insecure Direct Object Reference in MCO | EPSS —
CVE-2026-59098 | HIGH | LobeChat 2.2.9 - Cross-User Document Disclosure via Unscoped RAG Semantic Search | EPSS —
CVE-2026-9188 | MEDIUM | Appointment Bookings for Zoom GoogleMeet and more – Wappointment <= 2.7.6 - Unauthenticated Insecure Direct Object Reference via Predictable 'edit_key' / 'appointmentkey' Parameter | EPSS —
CVE-2026-5135 | MEDIUM | Foreman: foreman: unauthorized modification of host configurations via broken access control | EPSS —
CVE-2026-49858 | MEDIUM | API Platform Core: Cross-user attribute leak in JSON:API and HAL item normalizers due to missing isCacheKeySafe gate | EPSS —
CVE-2026-59100 | LOW | LobeChat 2.2.9 - Broken Object Level Authorization via Chat-Group Agent Operations | EPSS —