CWE-639 vulnerabilities
1,574 results

CVE-2025-57994 | MEDIUM | WordPress Upcoming Events Lists Plugin <= 1.4.0 - Insecure Direct Object References (IDOR) Vulnerability | EPSS 0.3%
CVE-2024-11216 | HIGH | Broken Access Control in PozitifIK's Pik Online | EPSS 0.3%
CVE-2025-8447 | HIGH | Incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed read-only access | EPSS 0.3%
CVE-2026-30231 | MEDIUM | Flare: Private File IDOR via raw/direct endpoints | EPSS 0.3%
CVE-2026-45743 | HIGH | Termix has a File-Manager Session Hijack via Missing Ownership Check (IDOR) | EPSS 0.3%
CVE-2026-11500 | LOW | Weaviate Static API Key client.go validateConfig authorization | EPSS 0.3%
CVE-2026-2879 | MEDIUM | GetGenie <= 4.3.2 - Insecure Direct Object Reference to Authenticated (Author+) Arbitrary Post Overwrite/Deletion | EPSS 0.3%
CVE-2026-7510 | MEDIUM | OWASP DefectDojo Benchmark/Engagement/Product/Survey authorization | EPSS 0.3%
CVE-2025-4596 | MEDIUM | Information disclosure via IDOR in Asseco AMDX | EPSS 0.3%
CVE-2025-55795 | LOW | The openml/openml.org web application version v2.0.20241110 uses incremental user IDs and insufficient email ownership verification during e | EPSS 0.3%
CVE-2025-51479 | MEDIUM | Authorization bypass in update_user_group in onyx-dot-app Onyx Enterprise Edition 0.27.0 allows remote authenticated attackers to modify arb | EPSS 0.3%
CVE-2024-22455 | MEDIUM | Dell Mobility - E-Lab Navigator, version(s) 3.1.9, 3.2.0, contain(s) an Authorization Bypass Through User-Controlled Key vulnerability. An u | EPSS 0.3%
CVE-2025-66911 | MEDIUM | Turms IM Server v0.10.0-SNAPSHOT and earlier contains a broken access control vulnerability in the user online status query functionality. T | EPSS 0.3%
CVE-2026-12102 | LOW | UsersWP <= 1.2.63 - Insecure Direct Object Reference to Authenticated (Editor+) Arbitrary User Avatar/Banner Reset via 'user_id' Parameter | EPSS 0.3%
CVE-2026-46558 | HIGH | Plane: Cross-workspace asset authorization bypass lets any authenticated user read, copy, delete, and overwrite assets in other Plane workspaces | EPSS 0.3%
CVE-2026-32894 | HIGH | Chamilo LMS has an IDOR in Gradebook Allows Cross-Course Deletion of Any Student's Grade Result | EPSS 0.3%
CVE-2026-53470 | CRITICAL | Migration-planner: getsourcedownloadurl missing organization check | EPSS 0.3%
CVE-2026-33030 | HIGH | Nginx UI: Unencrypted Storage of DNS API Tokens and ACME Private Keys | EPSS 0.3%
CVE-2026-25564 | HIGH | WeKan < 8.19 Checklist Deletion IDOR via Missing Relationship Validation | EPSS 0.3%
CVE-2026-25563 | HIGH | WeKan < 8.19 Checklist Creation Cross-Board IDOR | EPSS 0.3%