CWE-639 vulnerabilities
1571 results

CVE-2023-32669 | MEDIUM | Authorization Bypass on BuddyBoss | EPSS 0.3%
CVE-2026-1619 | HIGH | IDOR in Universal Sotware's FlexCity/Kiosk | EPSS 0.3%
CVE-2024-12114 | MEDIUM | FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel <= 2.4.29 - Insecure Direct Object Reference to Authenticated (Custom+) Arbitrary Post/Page Updates | EPSS 0.3%
CVE-2025-49995 | MEDIUM | WordPress Download Attachments plugin <= 1.3.1 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.3%
CVE-2024-45232 | HIGH | An issue was discovered in powermail extension through 12.3.5 for TYPO3. It fails to validate the mail parameter of the confirmationAction, | EPSS 0.3%
CVE-2025-61148 | MEDIUM | An Insecure Direct Object Reference (IDOR) vulnerability in the EduplusCampus 3.0.1 Student Payment API allows authenticated users to access | EPSS 0.3%
CVE-2026-29200 | CRITICAL | A critical IDOR vulnerability has been discovered in Comet Backup affecting all versions from 20.11.0 to 26.1.1 and 26.2.1. The vulnerabilit | EPSS 0.3%
CVE-2025-9902 | HIGH | IDOR in Akınsoft QRMenu | EPSS 0.3%
CVE-2025-47555 | LOW | WordPress Tutor LMS plugin <= 3.9.4 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.3%
CVE-2026-25197 | CRITICAL | Gardyn Cloud API Authorization Bypass Through User-Controlled Key | EPSS 0.3%
CVE-2023-3290 | MEDIUM | A BOLA vulnerability in POST /customers in EasyAppointments < 1.5.0 | EPSS 0.3%
CVE-2025-24850 | MEDIUM | Growatt Cloud portal Authorization Bypass Through User-Controlled Key | EPSS 0.3%
CVE-2026-42205 | HIGH | Avo: Broken Access Control: Unauthorized Execution of Arbitrary Action Classes Across Resources | EPSS 0.3%
CVE-2024-10797 | MEDIUM | Full Screen Menu for Elementor <= 1.0.7 - Authenticated (Contributor+) Post Disclosure | EPSS 0.3%
CVE-2026-33759 | MEDIUM | AVideo: Unauthenticated IDOR in playlistsVideos.json.php Exposes Private Playlist Contents | EPSS 0.3%
CVE-2024-12447 | MEDIUM | Get Post Content Shortcode <= 0.4 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Disclosure via post_content Shortcode | EPSS 0.3%
CVE-2026-24134 | MEDIUM | StudioCMS has an Authorization Bypass Through User-Controlled Key | EPSS 0.3%
CVE-2025-14802 | MEDIUM | LearnPress – WordPress LMS Plugin <= 4.3.2.2 - Insecure Direct Object Reference to Authenticated (Instructor+) Teacher Material Deletion | EPSS 0.3%
CVE-2026-53673 | HIGH | BuddyPress 14.4.0 Private Message IDOR via REST API user_id Parameter | EPSS 0.3%
CVE-2024-12059 | MEDIUM | ElementInvader Addons for Elementor <= 1.3.1 - Missing Authorization to Arbitrary Options Read | EPSS 0.3%