CWE-639 flaws

1575 results
CVE-2025-64431 | HIGH | IDOR Vulnerabilities in ZITADEL's Organization API allows Cross-Tenant Data Tempering | EPSS 0.3%
CVE-2025-64012 | MEDIUM | InvoicePlane commit debb446c is vulnerable to Incorrect Access Control. The invoices/view handler fails to verify ownership before returning | EPSS 0.3%
CVE-2026-1558 | MEDIUM | WP Recipe Maker <= 10.3.2 - Insecure Direct Object Reference to Unauthenticated Arbitrary Post Metadata Modification via 'recipeId' Parameter | EPSS 0.3%
CVE-2026-30927 | MEDIUM | Admidio: Event participation IDOR - non-leaders can register other users for events via user_uuid parameter | EPSS 0.3%
CVE-2025-10039 | MEDIUM | ELEX WordPress HelpDesk & Customer Ticketing System <= 3.2.9 - Authenticated (Subscriber+) Insecure Direct Object Reference via 'eh_crm_ticket_single_view_client' | EPSS 0.3%
CVE-2026-45810 | MEDIUM | Nextcloud: Propfind requests for file comments allowed to load comments for other files | EPSS 0.3%
CVE-2025-67985 | MEDIUM | WordPress Document Library Lite plugin <= 1.1.7 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.3%
CVE-2025-27433 | MEDIUM | Broken Access Control vulnerabilities in SAP S/4HANA (Manage Bank Statements) | EPSS 0.3%
CVE-2026-41372 | MEDIUM | OpenClaw < 2026.4.2 - Loopback Protection Bypass via Trailing-Dot Localhost in CDP Discovery | EPSS 0.3%
CVE-2024-13887 | MEDIUM | Business Directory Plugin - Easy Listing Directories for WordPress <= 6.4.14 - Insecure Direct Object Reference to Listing Arbitrary Image Addition | EPSS 0.3%
CVE-2026-24900 | MEDIUM | MarkUs has a submission-view IDOR exposes all student submissions | EPSS 0.3%
CVE-2025-13479 | HIGH | IDOR in PosCube's QR Menu | EPSS 0.3%
CVE-2025-30257 | MEDIUM | Growatt Cloud portal Authorization Bypass Through User-Controlled Key | EPSS 0.3%
CVE-2025-31147 | MEDIUM | Growatt Cloud portal Authorization Bypass Through User-Controlled Key | EPSS 0.3%
CVE-2025-65030 | HIGH | Rallly Improper Authorization in Comment Deletion Endpoint Allows Unauthorized Comment Removal | EPSS 0.3%
CVE-2025-31933 | MEDIUM | Growatt Cloud Applications Authorization Bypass Through User-Controlled Key | EPSS 0.3%
CVE-2022-48505 | This issue was addressed with improved data protection. This issue is fixed in macOS Ventura 13. An app may be able to modify protected part | EPSS 0.3%
CVE-2026-44776 | MEDIUM | Kavita: IDOR in /api/Download/* | EPSS 0.3%
CVE-2025-27575 | MEDIUM | Growatt Cloud portal Authorization Bypass Through User-Controlled Key | EPSS 0.3%
CVE-2025-31941 | MEDIUM | Growatt Cloud portal Authorization Bypass Through User-Controlled Key | EPSS 0.3%