CWE-639 vulnerabilities
1,528 results

CVE | Severity | Description | EPSS
CVE-2024-27730 | CRITICAL | Insecure Permissions vulnerability in Friendica v.2023.12 allows a remote attacker to obtain sensitive information and execute arbitrary cod | 0.8%
CVE-2023-0985 | HIGH | Helmholz and MB Connect Line: Account takeover via password reset in multiple products | 0.8%
CVE-2022-1810 | CRITICAL | Authorization Bypass Through User-Controlled Key in publify/publify | 0.8%
CVE-2021-3964 | MEDIUM | Authorization Bypass Through User-Controlled Key in elgg/elgg | 0.8%
CVE-2021-40355 | — | A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.8), Teamcenter V13.0 (All versions < V13.0.0.7), Teamcenter | 0.8%
CVE-2017-0936 | — | Nextcloud Server before 11.0.7 and 12.0.5 suffers from an Authorization Bypass Through User-Controlled Key vulnerability. A missing ownershi | 0.8%
CVE-2021-24473 | — | User Profile Picture < 2.6.0 - Arbitrary User Picture Change/Deletion via IDOR | 0.8%
CVE-2024-27302 | CRITICAL | Authorization Bypass Through User-Controlled Key in go-zero | 0.8%
CVE-2020-8235 | — | Missing access control in Nextcloud Deck 1.0.4 caused an insecure direct object reference allowing an attacker to view all attachments. | 0.8%
CVE-2019-5469 | — | An IDOR vulnerability exists in GitLab <v12.1.2, <v12.0.4, and <v11.11.6 that allowed uploading files from project archive to replace other | 0.8%
CVE-2023-2713 | CRITICAL | IDOR vulnerability in "Rental Module" developed by third-party for Ideasoft's E-commerce Platform. | 0.8%
CVE-2024-45032 | CRITICAL | A vulnerability has been identified in Industrial Edge Management Pro (All versions < V1.9.5), Industrial Edge Management Virtual (All versi | 0.8%
CVE-2022-4799 | HIGH | Authorization Bypass Through User-Controlled Key in usememos/memos | 0.8%
CVE-2022-40186 | CRITICAL | An issue was discovered in HashiCorp Vault and Vault Enterprise before 1.11.3. A vulnerability in the Identity Engine was found where, in a | 0.8%
CVE-2023-53955 | CRITICAL | SOUND4 IMPACT/FIRST/PULSE/Eco v2.x Authorization Bypass via Insecure Object References | 0.8%
CVE-2022-4806 | HIGH | Authorization Bypass Through User-Controlled Key in usememos/memos | 0.8%
CVE-2022-1425 | — | WPQA < 5.2 - Subscriber+ Private Message Disclosure via IDOR | 0.8%
CVE-2022-24187 | HIGH | The user_id and device_id on the Ourphoto App version 1.4.1 /device/* end-points both suffer from insecure direct object reference vulnerabi | 0.7%
CVE-2024-32166 | HIGH | Webid v1.2.1 suffers from an Insecure Direct Object Reference (IDOR) - Broken Access Control vulnerability, allowing attackers to buy now an | 0.7%
CVE-2023-0688 | MEDIUM | Metform Elementor Contact Form Builder <= 3.3.1 - Authenticated (Subscriber+) Information Disclosure via mf_thankyou shortcode | 0.7%