CWE-639 type flaws

1,579 results
CVE-2025-31933 [MEDIUM] Growatt Cloud Applications Authorization Bypass Through User-Controlled Key (EPSS 0.3%)
CVE-2025-12524 [MEDIUM] Post Type Switcher <= 4.0.0 - Insecure Direct Object Reference to Authenticated (Author+) Post Type Change (EPSS 0.3%)
CVE-2025-13748 [MEDIUM] Fluent Forms <= 6.1.7 - Unauthenticated Insecure Direct Object Reference to Payment Status Tampering via submission_id (EPSS 0.3%)
CVE-2026-1206 [MEDIUM] Elementor Website Builder <= 3.35.7 - Incorrect Authorization to Authenticated (Contributor+) Sensitive Information Exposure via Elementor Template (EPSS 0.3%)
CVE-2022-48505 This issue was addressed with improved data protection. This issue is fixed in macOS Ventura 13. An app may be able to modify protected part (EPSS 0.3%)
CVE-2025-31357 [MEDIUM] Growatt Cloud portal Authorization Bypass Through User-Controlled Key (EPSS 0.3%)
CVE-2026-10023 [MEDIUM] Dokan: AI Powered WooCommerce Multivendor Marketplace Solution <= 5.0.3 - Insecure Direct Object Reference to Authenticated (Custom+) Arbitrary Order Modification via Multiple AJAX Handlers (EPSS 0.3%)
CVE-2025-27927 [MEDIUM] Growatt Cloud portal Authorization Bypass Through User-Controlled Key (EPSS 0.3%)
CVE-2025-30257 [MEDIUM] Growatt Cloud portal Authorization Bypass Through User-Controlled Key (EPSS 0.3%)
CVE-2025-27929 [MEDIUM] Growatt Cloud portal Authorization Bypass Through User-Controlled Key (EPSS 0.3%)
CVE-2026-42463 [HIGH] SQLBot: Unauthorized Access Vulnerability (EPSS 0.2%)
CVE-2025-50849 [HIGH] CS Cart 4.18.3 is vulnerable to Insecure Direct Object Reference (IDOR). The user profile functionality allows enabling or disabling sticker (EPSS 0.2%)
CVE-2025-62241 [MEDIUM] Insecure Direct Object Reference (IDOR) vulnerability with shipment addresses in Liferay DXP 2023.Q4.1 through 2023.Q4.5 allows remote authe (EPSS 0.2%)
CVE-2025-11895 [MEDIUM] Binary MLM Plan <= 5.0 - Authenticated (Subscriber+) Insecure Direct Object Reference (EPSS 0.2%)
CVE-2026-40792 [MEDIUM] WordPress KiviCare plugin <= 4.2.1 - Insecure Direct Object References (IDOR) vulnerability (EPSS 0.2%)
CVE-2026-40570 [MEDIUM] FreeScout's Missing Authorization in load_customer_info Allows Any Authenticated User to Access Full Customer PII (EPSS 0.2%)
CVE-2024-8988 [MEDIUM] PeepSo Core: File Uploads <= 6.4.6.0 - Insecure Direct Object Reference to Unauthenticated Sensitive Information Exposure via file_download (EPSS 0.2%)
CVE-2025-13389 [MEDIUM] Admin and Customer Messages After Order for WooCommerce: OrderConvo <= 14 - Missing Authorization to Unauthenticated Information Disclosure (EPSS 0.2%)
CVE-2026-7787 [HIGH] Unauthenticated Session History Access via Public Flow Execution (EPSS 0.2%)
CVE-2026-5199 [LOW] Cross Namespace Access via Batch Operation (EPSS 0.2%)