CWE-639 vulnerabilities

1569 results
CVE-2024-10777 | MEDIUM | AnyWhere Elementor <= 1.2.11 - Authenticated (Contributor+) Post Disclosure | EPSS 0.3%
CVE-2026-40043 | HIGH | Pachno 1.0.6 Authentication Bypass via runSwitchUser() | EPSS 0.3%
CVE-2025-11519 | MEDIUM | Image optimization service by Optimole <= 4.1.0 - Insecure Direct Object Reference to Authenticated (Author+) Media Offload | EPSS 0.3%
CVE-2026-35584 | MEDIUM | FreeScout has an Unauthenticated IDOR in Open Tracking Endpoint Allows Cross-Conversation Thread Manipulation and Enumeration | EPSS 0.3%
CVE-2025-68997 | MEDIUM | WordPress wpDiscuz plugin <= 7.6.43 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.3%
CVE-2026-35478 | HIGH | InvenTree has Arbitrary API Token Creation | EPSS 0.3%
CVE-2026-4630 | MEDIUM | Keycloak: keycloak: unauthorized resource access and data modification via insecure direct object reference | EPSS 0.3%
CVE-2024-12309 | MEDIUM | Rate My Post – Star Rating Plugin by FeedbackWP <= 4.2.4 - Unauthenticated Voting On Scheduled Posts | EPSS 0.3%
CVE-2024-12131 | MEDIUM | WP Job Portal – A Complete Recruitment System for Company or Job Board website <= 2.2.5- Authenticated (Subscriber+) Insecure Direct Object Reference | EPSS 0.3%
CVE-2026-28503 | MEDIUM | Tandoor Recipes has Cross-Space IDOR in SyncViewSet.query_synced_folder: missing space scoping on get_object_or_404 | EPSS 0.3%
CVE-2024-10779 | MEDIUM | Cowidgets – Elementor Addons <= 1.2.0 - Authenticated (Contributor+) Post Disclosure | EPSS 0.3%
CVE-2026-34832 | MEDIUM | Scoold: Cross-Account Feedback Deletion (IDOR) | EPSS 0.3%
CVE-2024-13873 | MEDIUM | WP Job Portal <= 2.2.8 - Insecure Direct Object Reference to Authenticated (Subscriber+) User Photo Disconnection | EPSS 0.3%
CVE-2024-13832 | MEDIUM | Ultra Addons Lite for Elementor <= 1.1.8 - Authenticated (Contributor+) Restricted Post Disclosure | EPSS 0.3%
CVE-2024-33373 | MEDIUM | An issue in the LB-LINK BL-W1210M v2.0 router allows attackers to bypass password complexity requirements and set single digit passwords for | EPSS 0.3%
CVE-2026-42456 | MEDIUM | AnythingLLM: Cross-User TTS Audio Disclosure via Chat ID (IDOR) | EPSS 0.3%
CVE-2026-3605 | HIGH | Vault KVv2 Metadata and Secret Deletion Policy Bypass Denial-of-Service | EPSS 0.3%
CVE-2026-6570 | MEDIUM | kodcloud KodExplorer systemMember.class.php initInstall authorization | EPSS 0.3%
CVE-2024-10669 | MEDIUM | Countdown Timer block – Display the event's date into a timer. <= 1.2.4 - Authenticated (Contributor+) Post Disclosure | EPSS 0.3%
CVE-2026-56069 | HIGH | WordPress Toolset Forms plugin <= 2.6.24 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.3%