CWE-639 type flaws

1553 results
CVE-2025-5948 | CRITICAL | Service Finder Bookings <= 6.0 - Unauthenticated Privilege Escalation via claim_business | EPSS 0.4%
CVE-2024-12046 | MEDIUM | Medical Addon for Elementor <= 1.6.2 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Exposure via Shortcode | EPSS 0.4%
CVE-2025-9520 | HIGH | IDOR Leading to Owner Account Hijacking in Omada Controller | EPSS 0.4%
CVE-2024-13372 | MEDIUM | WP Job Portal <= 2.2.6 - Insecure Direct Object Reference to Unauthenticated Arbitrary Resume Download | EPSS 0.4%
CVE-2026-28216 | HIGH | hoppscotch has IDOR in updateUserEnvironment / deleteUserEnvironment | EPSS 0.4%
CVE-2025-52389 | HIGH | An Insecure Direct Object Reference (IDOR) in Envasadora H2O Eireli - Soda Cristal v40.20.4 allows authenticated attackers to access sensiti | EPSS 0.4%
CVE-2025-42605 | CRITICAL | Improper Access Control Vulnerability in Meon Bidding Solutions | EPSS 0.4%
CVE-2024-39642 | MEDIUM | WordPress LearnPress plugin <= 4.2.6.8.2 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.4%
CVE-2026-32131 | HIGH | ZITADEL Cross-Tenant Information Disclosure in Management API | EPSS 0.4%
CVE-2026-33663 | HIGH | n8n Vulnerable to Credential Theft via Name-Based Resolution and Permission Checker Bypass in Community Edition | EPSS 0.4%
CVE-2024-10439 | MEDIUM | Sunnet eHRD CTMS - Insecure Direct Object Reference | EPSS 0.4%
CVE-2024-45786 | HIGH | Improper Authorization Vulnerability | EPSS 0.4%
CVE-2024-4151 | HIGH | Improper Access Control in lunary-ai/lunary | EPSS 0.4%
CVE-2023-38055 | CRITICAL | A BOLA vulnerability in GET, PUT, DELETE /services/{serviceId} in EasyAppointments < 1.5.0 | EPSS 0.4%
CVE-2026-33053 | MEDIUM | Langflow has Missing Ownership Verification in API Key Deletion (IDOR) | EPSS 0.4%
CVE-2022-42067 | MEDIUM | Online Birth Certificate Management System version 1.0 suffers from an Insecure Direct Object Reference (IDOR) vulnerability | EPSS 0.4%
CVE-2023-7049 | MEDIUM | Custom Field For WP Job Manager <= 1.2 - Insecure Direct Object Reference to Sensitive Information Exposure via Shortcode | EPSS 0.4%
CVE-2024-13607 | MEDIUM | JS Help Desk – The Ultimate Help Desk & Support Plugin <= 2.8.8 - Authenticated (Subscriber+) Insecure Direct Object Reference | EPSS 0.4%
CVE-2026-45746 | CRITICAL | Termix Vulnerable to Arbitrary Command Execution via Session Hijacking | EPSS 0.4%
CVE-2024-8261 | HIGH | IDOR in Proliz Software's OBS | EPSS 0.4%