CWE-639 vulnerabilities
1572 results

CVE-2026-40768 | HIGH | WordPress Salon booking system plugin <= 10.30.24 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.3%
CVE-2026-33724 | MEDIUM | n8n's Source Control SSH Configuration Uses StrictHostKeyChecking=no | EPSS 0.3%
CVE-2024-4341 | MEDIUM | IDOR in ExtremePacs's Extreme XDS | EPSS 0.3%
CVE-2024-10692 | MEDIUM | PowerPack Elementor Addons (Free Widgets, Extensions and Templates) <= 2.8.1 - Authenticated (Contributor+) Post Disclosure | EPSS 0.3%
CVE-2026-54826 | HIGH | WordPress SupportCandy plugin <= 3.4.6 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.3%
CVE-2026-32097 | HIGH | PingPong has improper access control in thread file endpoints allows access outside intended scope | EPSS 0.3%
CVE-2025-59133 | HIGH | WordPress Projectopia plugin <= 5.1.25.2 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.3%
CVE-2026-3321 | HIGH | Authorization Bypass in ON24 Q&A chat | EPSS 0.3%
CVE-2026-53471 | CRITICAL | Migration-planner: agent api ignores jwt source_id claim | EPSS 0.3%
CVE-2025-3769 | MEDIUM | Latepoint <= 5.1.92 - Unauthenticated Insecure Direct Object Reference | EPSS 0.3%
CVE-2026-44736 | MEDIUM | OpenProject: Relations API Filter Bypasses Visibility Scope, Leaking Cross-Project Work Package Subjects | EPSS 0.3%
CVE-2026-10038 | MEDIUM | Charitable <= 1.8.11.1 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Attachment Deletion via 'avatar' Parameter | EPSS 0.3%
CVE-2026-44504 | HIGH | Aegra: Cross-user run injection in /threads/{thread_id}/runs (IDOR) | EPSS 0.3%
CVE-2024-52601 | MEDIUM | iTop portal Insecure Direct Object Reference vulnerability | EPSS 0.3%
CVE-2025-54691 | MEDIUM | WordPress Motors Plugin plugin <= 1.4.80 - Insecure Direct Object References (IDOR) Vulnerability | EPSS 0.3%
CVE-2026-31867 | MEDIUM | Craft Commerce has a Potential IDOR in Commerce carts | EPSS 0.3%
CVE-2026-1251 | MEDIUM | SupportCandy – Helpdesk & Customer Support Ticket System <= 3.4.4 - Authenticated (Subscriber+) Insecure Direct Object Reference | EPSS 0.3%
CVE-2026-45281 | HIGH | Nextcloud: Cross-Account Calendar Takeover via Unauthorized Group-Member-Set Update | EPSS 0.3%
CVE-2025-7049 | HIGH | WPGYM - Wordpress Gym Management System <= 67.7.0 - Authenticated (Subscriber+) Privilege Escalation via Account Takeover | EPSS 0.3%
CVE-2026-45832 | HIGH | All V1 collection-level endpoints in ChromaDB's Python project pass None for the tenant and database to the authorization layer, allowing at | EPSS 0.3%