CWE-639 vulnerabilities

1575 results
CVE | Severity | Title | EPSS
CVE-2026-42725 | MEDIUM | WordPress Checkout Files Upload for WooCommerce plugin <= 2.2.5 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.3%
CVE-2026-29069 | MEDIUM | Craft has an unauthenticated activation email trigger with potential user enumeration | EPSS 0.3%
CVE-2026-48599 | HIGH | Authorization bypass via path binding override in elixir-grpc/grpc HTTP transcoding | EPSS 0.3%
CVE-2025-62242 | MEDIUM | Insecure Direct Object Reference (IDOR) vulnerability with account addresses in Liferay Portal 7.4.3.4 through 7.4.3.111, and Liferay DXP 20 | EPSS 0.3%
CVE-2024-12099 | MEDIUM | Dollie Hub – Build Your Own WordPress Cloud Platform <= 6.2.0 - Authenticated (Contributor+) Post Disclosure | EPSS 0.3%
CVE-2025-69202 | MEDIUM | axios-cache-interceptor Vulnerable to Cache Poisoning via Ignored HTTP Vary Header | EPSS 0.3%
CVE-2026-55197 | HIGH | Hermes WebUI < 0.51.443 - Broken Access Control in /api/session Endpoint | EPSS 0.3%
CVE-2026-55198 | HIGH | Hermes WebUI < 0.51.443 - Cross-Profile Session Data Exfiltration via Session Export Endpoint | EPSS 0.3%
CVE-2026-39968 | HIGH | TypeBot: Cross-Workspace Credential Theft via Bot-Engine Preview Endpoint | EPSS 0.3%
CVE-2026-11987 | MEDIUM | Dokan: AI Powered WooCommerce Multivendor Marketplace Solution <= 5.0.4 - Authenticated (Subscriber+) Insecure Direct Object Reference to Information Disclosure via 'id' Parameter | EPSS 0.3%
CVE-2024-31898 | MEDIUM | IBM InfoSphere Information Server data modification | EPSS 0.3%
CVE-2026-25120 | MEDIUM | Gogs Allows Cross-Repository Comment Deletion via DeleteComment | EPSS 0.3%
CVE-2026-22383 | HIGH | WordPress PawFriends - Pet Shop and Veterinary WordPress theme theme <= 1.3 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.3%
CVE-2026-46390 | MEDIUM | HAX CMS has Unauthenticated Git Access via User-Controlled Key | EPSS 0.3%
CVE-2026-6571 | MEDIUM | kodcloud KodExplorer systemRole.class.php roleGroupAction authorization | EPSS 0.3%
CVE-2026-45671 | HIGH | Open WebUI: shared-chat branch ignores access_type, allowing unauthorized file deletion | EPSS 0.3%
CVE-2025-67919 | MEDIUM | WordPress Woffice Core plugin <= 5.4.30 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.3%
CVE-2026-6586 | MEDIUM | TransformerOptimus SuperAGI Budget Endpoint budget.py update_budget authorization | EPSS 0.3%
CVE-2026-3307 | MEDIUM | Authorization bypass in GitHub Enterprise Server secret scanning push protection allows cross-repository modification of delegated bypass reviewers | EPSS 0.3%
CVE-2025-39434 | MEDIUM | WordPress Avatar plugin <= 0.1.4 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.3%