CWE-639 vulnerabilities

1,575 results
CVE-2025-26660 | MEDIUM | Broken Access Control in SAP Fiori apps (Posting Library) | EPSS 0.3%
CVE-2026-45666 | MEDIUM | Open WebUI: Indirect Object Reference (IDOR) in user notes | EPSS 0.3%
CVE-2026-4549 | LOW | mickasmt next-saas-stripe-starter Stripe API open-customer-portal.ts openCustomerPortal authorization | EPSS 0.3%
CVE-2024-6357 | MEDIUM | Insecure Direct Object Reference vulnerability | EPSS 0.3%
CVE-2026-53726 | MEDIUM | Parse Server: Relation `$relatedTo` query bypasses `protectedFields` and owning-object ACL | EPSS 0.3%
CVE-2026-2366 | LOW | Keycloak: keycloak: information disclosure via authorization bypass in admin api | EPSS 0.3%
CVE-2026-9099 | HIGH | Keycloak: group-admin escalation to realm-admin | EPSS 0.3%
CVE-2026-4171 | MEDIUM | CodeGenieApp serverless-express API Endpoint TodoList.ts authorization | EPSS 0.3%
CVE-2024-5258 | MEDIUM | Authorization Bypass Through User-Controlled Key in GitLab | EPSS 0.3%
CVE-2025-7899 | MEDIUM | Insecure Direct Object Reference in extension "powermail" (powermail) | EPSS 0.3%
CVE-2025-20214 | MEDIUM | A vulnerability in the Network Configuration Access Control Module (NACM) of Cisco IOS XE Software could allow an authenticated, remote atta | EPSS 0.3%
CVE-2026-54324 | MEDIUM | Daytona: Cross-tenant data leak in notification WebSocket gateway via unverified organizationId join | EPSS 0.3%
CVE-2024-55186 | MEDIUM | An IDOR (Insecure Direct Object Reference) vulnerability exists in oqtane Framework 6.0.0, allowing a logged-in user to access inbox message | EPSS 0.3%
CVE-2026-32697 | MEDIUM | SuiteCRM: RecordHandler::getRecord() missing ACLAccess('view') check allows any authenticated user to read any record (IDOR) | EPSS 0.3%
CVE-2026-21447 | HIGH | Bagisto has IDOR in Customer Order Reorder Functionality | EPSS 0.3%
CVE-2026-30886 | MEDIUM | New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check | EPSS 0.3%
CVE-2026-25745 | MEDIUM | OpenEMR's Message Update Ignores Patient id | EPSS 0.3%
CVE-2026-33356 | HIGH | Meari MQTT broker missing per-device subscribe ACL | EPSS 0.3%
CVE-2026-46441 | HIGH | Flowise: Mass Assignment in Assistant Update Endpoint Allows Cross-Workspace Resource Reassignment | EPSS 0.3%
CVE-2025-55737 | MEDIUM | flaskBlog arbitrary comment delete | EPSS 0.3%