CWE-639 vulnerabilities
1587 results

CVE-2026-6542 | MEDIUM | Monitor API allows cross-user read of transaction logs and deletion of build data via flow_id | EPSS 0.2%
CVE-2026-22407 | MEDIUM | WordPress Roam theme <= 2.1.1 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.2%
CVE-2026-44732 | MEDIUM | OpenProject: IDOR on OpenProject through /api/v3/documents/{id} via PATCH parameter "project_id" leads to Unauthorized Modification of Resources | EPSS 0.2%
CVE-2026-22406 | MEDIUM | WordPress Overton theme <= 1.3 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.2%
CVE-2026-22409 | MEDIUM | WordPress Justicia theme <= 1.2 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.2%
CVE-2026-10140 | CRITICAL | Cross-Tenant API Key Reuse and Billing Fraud in Langflow Voice Mode Subsystem | EPSS 0.2%
CVE-2026-35183 | HIGH | Brave CMS has an Insecure Direct Object Reference in Article Image Deletion | EPSS 0.2%
CVE-2026-42277 | MEDIUM | Onyx: IDOR in /chat/file/{file_id} allows any authenticated user to download other users files | EPSS 0.2%
CVE-2026-30954 | MEDIUM | LinkAce has a Cross-User Tag/List Attachment IDOR in processTaxonomy() | EPSS 0.2%
CVE-2026-11142 | MEDIUM | Insufficient policy enforcement in Paint in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via | EPSS 0.2%
CVE-2026-34592 | HIGH | Coolify: Cross-Team IDOR via Unscoped Server and Project Lookups Exposes SSH Keys and Infrastructure | EPSS 0.2%
CVE-2026-22404 | MEDIUM | WordPress Innovio theme <= 1.7 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.2%
CVE-2026-22411 | MEDIUM | WordPress Dolcino theme <= 1.6 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.2%
CVE-2026-47238 | MEDIUM | ClipBucket: IDOR in videos subtitle editor | EPSS 0.2%
CVE-2025-12353 | MEDIUM | WPFunnels <= 3.6.2 - Unauthorized User Registration | EPSS 0.2%
CVE-2024-22439 | MEDIUM | Certain HPE FlexNetwork and FlexFabric Switches, Remote Authentication Bypass | EPSS 0.2%
CVE-2025-1327 | MEDIUM | Homey - Booking and Rentals WordPress Theme <= 2.4.4 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Deletion | EPSS 0.2%
CVE-2026-46408 | HIGH | Vvveb: checkout IDOR allows unauthorized reuse of another user's cart | EPSS 0.2%
CVE-2026-45155 | LOW | Nextcloud: Private circle can be added to another circle via API | EPSS 0.2%
CVE-2025-59687 | MEDIUM | IMPAQTR Aurora before 1.36 allows Insecure Direct Object Reference attacks against the users list, organization details, bookmarks, and noti | EPSS 0.2%