CWE-639 vulnerabilities

1,564 results
CVE-2026-28781 | HIGH | Craft Affected by Entries Authorship Spoofing via Mass Assignment | EPSS 0.3%
CVE-2026-3999 | HIGH | Broken access control vulnerability affecting ID Server | EPSS 0.3%
CVE-2025-3874 | MEDIUM | WordPress Simple PayPal Shopping Cart <= 5.1.3 - Insecure Direct Object Reference | EPSS 0.3%
CVE-2025-24976 | MEDIUM | Distribution's token authentication allows attacker to inject an untrusted signing key in a JWT | EPSS 0.3%
CVE-2026-25005 | MEDIUM | WordPress Frontend File Manager plugin <= 23.5 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.3%
CVE-2026-45760 | HIGH | Apache Camel K: Camel K Cross-Namespace Build Deputy Attack | EPSS 0.3%
CVE-2025-7355 | MEDIUM | IDOR in Beefull Energy Technologies' Beefull App | EPSS 0.3%
CVE-2024-55231 | MEDIUM | An IDOR vulnerability in the edit-notes.php module of PHPGurukul Online Notes Sharing Management System v1.0 allows unauthorized users to mo | EPSS 0.3%
CVE-2025-0058 | MEDIUM | Information Disclosure vulnerability in SAP Business Workflow and SAP Flexible Workflow | EPSS 0.3%
CVE-2025-13615 | CRITICAL | StreamTube Core <= 4.78 - Unauthenticated Arbitrary User Password Change | EPSS 0.3%
CVE-2025-3091 | HIGH | MB connect line: Authorization bypass in mbCONNECT24/mymbCONNECT24 | EPSS 0.3%
CVE-2026-22235 | HIGH | OPEXUS eComplaint IDOR | EPSS 0.3%
CVE-2025-41098 | HIGH | Insecure Direct Object Reference in GPS BOLD Workplanner | EPSS 0.3%
CVE-2023-38513 | MEDIUM | WordPress Photo Engine Plugin <= 6.2.5 is vulnerable to Insecure Direct Object References (IDOR) | EPSS 0.3%
CVE-2025-65887 | MEDIUM | A division-by-zero vulnerability in the flow.floor_divide() component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) | EPSS 0.3%
CVE-2023-53930 | HIGH | ProjectSend r1605 Insecure Direct Object Reference File Download Vulnerability | EPSS 0.3%
CVE-2023-4099 | HIGH | Multiple vulnerabilities in IDM Sistemas QSige | EPSS 0.3%
CVE-2025-13842 | MEDIUM | Breadcrumb NavXT <= 7.5.0 - Missing Authorization to Sensitive Information Exposure | EPSS 0.3%
CVE-2025-66954 | MEDIUM | A vulnerability exists in the Buffalo Link Station version 1.85-0.01 that allows unauthenticated or guest-level users to enumerate valid use | EPSS 0.3%
CVE-2024-11275 | MEDIUM | WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin <= 1.0.27 - Missing Authorization to Authenticated (Subscriber+) Arbitrary User Deletion | EPSS 0.3%