CWE-639 vulnerabilities
1,581 results

CVE-2025-13452 | MEDIUM | Admin and Customer Messages After Order for WooCommerce: OrderConvo <= 14 - Missing Authorization to Unauthenticated User Impersonation in Order Messages | EPSS 0.2%
CVE-2026-7144 | MEDIUM | 1000 Projects Portfolio Management System MCA update_passwd_process.php authorization | EPSS 0.2%
CVE-2026-40590 | MEDIUM | FreeScout's Customer AJAX Create Modifies Hidden Existing Customer | EPSS 0.2%
CVE-2026-33764 | MEDIUM | AVideo: IDOR in AI Plugin Allows Stealing Other Users' AI-Generated Metadata and Transcriptions | EPSS 0.2%
CVE-2025-65647 | MEDIUM | Insecure Direct Object Reference (IDOR) in the Track order function in PHPGURUKUL Online Shopping Portal 2.1 allows information disclosure v | EPSS 0.2%
CVE-2026-39331 | HIGH | ChurchCRM has an API Authorization Bypass Allows Authenticated User to Deactivate, Modify, and Spam Arbitrary Families | EPSS 0.2%
CVE-2026-49355 | MEDIUM | OpenProject: Private work package data disclosure through single meeting agenda item API | EPSS 0.2%
CVE-2026-1291 | MEDIUM | Meow Gallery <= 5.4.4 - Missing Authorization to Authenticated (Author+) Shortcode creation | EPSS 0.2%
CVE-2025-65020 | MEDIUM | Rallly Has Unauthorized Poll Duplication via Insecure Direct Object Reference (IDOR) | EPSS 0.2%
CVE-2026-39616 | MEDIUM | WordPress Download Attachments plugin <= 1.4.0 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.2%
CVE-2026-27883 | MEDIUM | Coolify: IDOR in Deployment API - Cross-Team Deployment Information Disclosure | EPSS 0.2%
CVE-2026-27705 | MEDIUM | Plane Vulnerable to Cross-Workspace/Cross-Project Asset Modification via IDOR in ProjectAssetEndpoint.patch | EPSS 0.2%
CVE-2025-11518 | MEDIUM | WPC Smart Wishlist for WooCommerce <= 5.0.3 - Insecure Direct Object Reference to Unauthenticated Wishlist Manipulation | EPSS 0.2%
CVE-2026-9241 | MEDIUM | FOX – Currency Switcher Professional for WooCommerce <= 1.4.6 - Authenticated (Subscriber+) Authorization Bypass via User-Controlled Key to 'wooc_order_user_roles' Parameter | EPSS 0.2%
CVE-2026-5337 | MEDIUM | Frontend File Manager Plugin <= 23.6 - Subscriber+ Arbitrary Download Access via IDOR | EPSS 0.2%
CVE-2026-40737 | MEDIUM | WordPress COMPE plugin <= 1.1.4 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.2%
CVE-2026-1704 | MEDIUM | Appointment Booking Calendar <= 1.6.9.29 - Insecure Direct Object Reference to Authenticated (Staff+) Sensitive Information Exposure | EPSS 0.2%
CVE-2026-1436 | HIGH | Improper Access Control (IDOR) vulnerability in Graylog Web Interface | EPSS 0.2%
CVE-2026-40591 | HIGH | FreeScout: Improper Authorization in Phone Conversation Creation Enables Cross-Mailbox Hidden Customer Modification | EPSS 0.2%
CVE-2026-39354 | MEDIUM | Scoold has an Authenticated Arbitrary Question Overwrite via Client-Controlled postId in POST /questions/ask | EPSS 0.2%