Vulnerabilities of type CWE-639
1581 results

CVE-2026-47713 | LOW | AnythingLLM: Legacy mobile device tokens bypass multi-user workspace scoping after mode migration | EPSS 0.2%
CVE-2026-27397 | MEDIUM | WordPress Really Simple Security Pro plugin <= 9.5.4.0 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.2%
CVE-2026-6008 | MEDIUM | IDOR in Im Park's DijiDemi | EPSS 0.2%
CVE-2026-30843 | CRITICAL | Wekan has Cross-Board IDOR in Custom Fields Update Endpoints | EPSS 0.2%
CVE-2026-46407 | HIGH | Vvveb: admin/auth-token IDOR allows unauthorized disclosure of administrator REST API tokens | EPSS 0.2%
CVE-2026-5396 | HIGH | Fluent Forms <= 6.1.21 - Authenticated (Subscriber+) Authorization Bypass via 'form_id' Parameter | EPSS 0.2%
CVE-2025-8794 | MEDIUM | LitmusChaos Litmus LocalStorage authorization | EPSS 0.2%
CVE-2026-3073 | MEDIUM | Authorization Bypass Through User-Controlled Key in GitLab | EPSS 0.2%
CVE-2025-67298 | HIGH | An issue in ClassroomIO before v.0.2.6 allows a remote attacker to escalate privileges via the endpoints /api/verify and /rest/v1/profile | EPSS 0.2%
CVE-2026-9228 | MEDIUM | Timetable and Event Schedule by MotoPress <= 2.4.16 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Exposure via action_get_event_data Function | EPSS 0.2%
CVE-2025-68492 | LOW | Chainlit versions prior to 2.8.5 contain an authorization bypass through user-controlled key vulnerability. If this vulnerability is exploit | EPSS 0.2%
CVE-2025-68071 | MEDIUM | WordPress Essential Real Estate plugin <= 5.3.2 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.2%
CVE-2026-6614 | MEDIUM | TransformerOptimus SuperAGI project.py get_projects_organisation authorization | EPSS 0.2%
CVE-2026-6613 | MEDIUM | TransformerOptimus SuperAGI agent.py get_schedule_data authorization | EPSS 0.2%
CVE-2026-49141 | MEDIUM | WACRM Authorization Bypass via Automation Engine Endpoint | EPSS 0.2%
CVE-2026-25744 | MEDIUM | OpenEMR: POST /api/.../vital Accepts Attacker-Supplied id and Overwrites Arbitrary Vitals | EPSS 0.2%
CVE-2025-13109 | MEDIUM | HUSKY – Products Filter Professional for WooCommerce <= 1.3.7.2 - Authenticated (Subscriber+) Insecure Direct Object Reference via 'woof_add_query/woof_remove_query' | EPSS 0.2%
CVE-2025-41069 | MEDIUM | Insecure Direct Object References (IDOR) in DeporSite of T-Innova DeporSite | EPSS 0.2%
CVE-2025-62180 | HIGH | Pega Platform versions 8.3.0 through Infinity 25.1.2 are affected by an authorization weakness that may allow authenticated users to access certain additional data via crafted URLs. | EPSS 0.2%
CVE-2025-58402 | HIGH | Insecure Direct Object Reference Message ID | EPSS 0.2%