CWE-639 vulnerabilities
1,572 results

CVE-2025-43827 | MEDIUM | Insecure Direct Object Reference (IDOR) vulnerability with audit events in Liferay Portal 7.4.0 through 7.4.3.117, and older unsupported ver | EPSS 0.3%
CVE-2025-9836 | MEDIUM | macrozheng mall paySuccess authorization | EPSS 0.3%
CVE-2026-3124 | HIGH | Download Monitor <= 5.1.7 - Insecure Direct Object Reference to Unauthenticated Arbitrary Order Completion via 'token' and 'order_id' | EPSS 0.3%
CVE-2026-1947 | HIGH | NEX-Forms – Ultimate Forms Plugin for WordPress <= 9.1.9 - Missing Authorization to Unauthenticated Arbitrary Form Entry Modification via nf_set_entry_update_id | EPSS 0.3%
CVE-2026-8786 | MEDIUM | Tencent WeKnora Config API Endpoint initialization.go getKnowledgeBaseForInitialization authorization | EPSS 0.3%
CVE-2026-40907 | MEDIUM | WWBN AVideo has IDOR in Live Restreams list.json.php that Exposes Other Users' Stream Keys and OAuth Tokens | EPSS 0.3%
CVE-2026-32694 | MEDIUM | Insecure Direct Object Reference attack via predictable secret ID in Juju | EPSS 0.3%
CVE-2024-45329 | LOW | An authorization bypass through user-controlled key in Fortinet FortiPortal versions 7.4.0, versions 7.2.0 through 7.2.5, and versions 7.0.0 | EPSS 0.3%
CVE-2026-1541 | MEDIUM | Avada (Fusion) Builder <= 3.15.1 - Authenticated (Subscriber+) Sensitive Information Exposure via Insecure Direct Object Reference | EPSS 0.3%
CVE-2026-42863 | HIGH | Flowise: Mass Assignment in Chatflow Update Endpoint Allows Cross-Workspace AgentFlow Reassignment | EPSS 0.3%
CVE-2025-68975 | MEDIUM | WordPress Eagle Booking plugin <= 1.3.4.3 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.3%
CVE-2026-35045 | HIGH | Tandoor Recipes Affected by Private Recipe Exposure and Unauthorized Modification | EPSS 0.3%
CVE-2026-45552 | CRITICAL | Roxy-WI: Cross-tenant authorization bypass on /install/* — guest can run Ansible / SSH on every registered server | EPSS 0.3%
CVE-2026-34055 | HIGH | OpenEMR has IDOR in Patient Notes Web UI allows unauthorized note access/modification | EPSS 0.3%
CVE-2026-56774 | MEDIUM | Kanboard - Cross-User Deletion of Persistent Login Sessions via Unvalidated Session ID | EPSS 0.3%
CVE-2026-42279 | MEDIUM | solidtime: Time entry update endpoint allows cross-organization modification of a known time-entry UUID | EPSS 0.3%
CVE-2026-31956 | MEDIUM | Xibo CMS has Preview and SavedReport IDOR via disableUserCheck without controller-level authorization | EPSS 0.3%
CVE-2026-28225 | MEDIUM | Manyfold has IDOR in ModelFilesController | EPSS 0.3%
CVE-2026-56780 | HIGH | Modoboa < 2.9.0 - Insecure Direct Object Reference in Account Password Change API | EPSS 0.3%
CVE-2025-64105 | MEDIUM | FOSSBilling: IDOR Vulnerability in Support Ticket Creation | EPSS 0.3%