CWE-639 vulnerabilities
1,528 results

CVE-2024-33818 | HIGH | EPSS 0.6%
Globitel KSA SpeechLog v8.1 was discovered to contain an Insecure Direct Object Reference (IDOR) via the userID parameter.

CVE-2023-44154 | MEDIUM | EPSS 0.6%
Sensitive information disclosure and manipulation due to improper authorization. The following products are affected: Acronis Cyber Protect

CVE-2023-4213 | HIGH | EPSS 0.6%
Simplr Registration Form Plus+ <= 2.4.5 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary User Password Change

CVE-2022-2877 | — | EPSS 0.6%
Titan Anti-spam & Security < 7.3.1 - Protection Bypass due to IP Spoofing

CVE-2022-44005 | MEDIUM | EPSS 0.6%
An issue was discovered in BACKCLICK Professional 5.9.63. Due to the use of consecutive IDs in verification links, the newsletter sign-up fu

CVE-2022-2824 | HIGH | EPSS 0.6%
Authorization Bypass Through User-Controlled Key in openemr/openemr

CVE-2022-2198 | — | EPSS 0.6%
WPQA < 5.7 - Subscriber+ Private Message Disclosure via IDOR

CVE-2023-1889 | MEDIUM | EPSS 0.6%
Directorist <= 7.5.4 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Post Deletion in listing_task

CVE-2023-48304 | MEDIUM | EPSS 0.6%
Nextcloud Server vulnerable to attacker enabling/disabling birthday calendar for any user

CVE-2023-0691 | MEDIUM | EPSS 0.6%
Metform Elementor Contact Form Builder <= 3.3.1 - Authenticated (Subscriber+) Information Disclosure via mf_last_name shortcode

CVE-2024-8292 | CRITICAL | EPSS 0.6%
WP-Recall – Registration, Profile, Commerce & More <= 16.26.8 - Insecure Direct Object Reference to Unauthenticated Arbitrary Password Update

CVE-2023-0692 | MEDIUM | EPSS 0.6%
Metform Elementor Contact Form Builder <= 3.3.1 - Authenticated (Subscriber+) Information Disclosure via 'mf_payment_status' shortcode

CVE-2024-25983 | LOW | EPSS 0.6%
Msa-24-0006: idor on dashboard comments block

CVE-2025-40805 | CRITICAL | EPSS 0.6%
Affected devices do not properly enforce user authentication on specific API endpoints. This could facilitate an unauthenticated remote atta

CVE-2023-51502 | HIGH | EPSS 0.6%
WordPress WooCommerce Stripe Payment Gateway Plugin <= 7.6.1 is vulnerable to Insecure Direct Object References (IDOR)

CVE-2023-3063 | HIGH | EPSS 0.6%
SP Project & Document Manager <= 4.67 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary User Password Change

CVE-2026-25758 | HIGH | EPSS 0.6%
Spree allows unauthenticated users can access all guest addresses

CVE-2023-53914 | CRITICAL | EPSS 0.6%
UliCMS 2023.1 Authentication Bypass via Mass Assignment Vulnerability

CVE-2023-24842 | MEDIUM | EPSS 0.6%
HGiga MailSherlock - Broken Access Control

CVE-2024-39321 | HIGH | EPSS 0.6%
Traefik vulnerable to bypassing IP allow-lists via HTTP/3 early data requests in QUIC 0-RTT handshakes