CWE-639 vulnerabilities

1,528 results
| CVE | Severity | Description | EPSS |
|---|---|---|---|
| CVE-2022-0624 | MEDIUM | Authorization Bypass Through User-Controlled Key in ionicabizau/parse-path | 0.9% |
| CVE-2024-11318 | HIGH | IDOR vulnerability in AbsysNet | 0.9% |
| CVE-2023-46446 | MEDIUM | An issue in AsyncSSH before 2.14.1 allows attackers to control the remote end of an SSH client session via packet injection/removal and shel | 0.9% |
| CVE-2022-33944 | MEDIUM | ICSA-22-200-01 MiCODUS MV720 GPS tracker Authorization Bypass Through User-Controlled Key | 0.9% |
| CVE-2023-6341 | MEDIUM | Catalis CM360 allows authentication bypass | 0.9% |
| CVE-2023-2260 | HIGH | Authorization Bypass Through User-Controlled Key in alfio-event/alf.io | 0.9% |
| CVE-2025-10493 | MEDIUM | Chained Quiz <= 1.3.5 - Unauthenticated Insecure Direct Object Reference via Cookie | 0.9% |
| CVE-2021-31970 | MEDIUM | Windows TCP/IP Driver Security Feature Bypass Vulnerability | 0.9% |
| CVE-2023-40720 | MEDIUM | An authorization bypass through user-controlled key vulnerability [CWE-639] in FortiVoiceEntreprise version 7.0.0 through 7.0.1 and before 6 | 0.8% |
| CVE-2023-51141 | MEDIUM | An issue in ZKTeko BioTime v.8.5.4 and before allows a remote attacker to obtain sensitive information via the Authentication & Authorizatio | 0.8% |
| CVE-2023-2065 | HIGH | IDOR in Armoli Technology's Cargo Tracking System | 0.8% |
| CVE-2018-17449 | HIGH | An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. Remote att | 0.8% |
| CVE-2021-24655 | | WP User Manager < 2.6.3 - Arbitrary User Password Reset to Account Compromise | 0.8% |
| CVE-2023-44206 | HIGH | Sensitive information disclosure and manipulation due to improper authorization. The following products are affected: Acronis Cyber Protect | 0.8% |
| CVE-2018-20405 | LOW | BigTree 4.3 allows full path disclosure via authenticated admin/news/ input that triggers a syntax error. NOTE: This has been disputed with | 0.8% |
| CVE-2024-27630 | HIGH | Insecure Direct Object Reference (IDOR) in GNU Savane v.3.12 and before allows a remote attacker to delete arbitrary files via crafted input | 0.8% |
| CVE-2026-8839 | MEDIUM | MapPress Maps for WordPress <= 2.96.6 - Unauthenticated Insecure Direct Object Reference via REST API Endpoints | 0.8% |
| CVE-2022-4803 | HIGH | Authorization Bypass Through User-Controlled Key in usememos/memos | 0.8% |
| CVE-2021-3852 | MEDIUM | Authorization Bypass Through User-Controlled Key in weseek/growi | 0.8% |
| CVE-2023-6929 | HIGH | Authorization Bypass Through User-Controlled Key in EuroTel ETL3100 | 0.8% |