CWE-639 vulnerabilities
1,587 results

CVE-2025-13003 | HIGH | IDOR in Aksis Computer's AxOnboard | EPSS 0.2%
CVE-2026-13534 | LOW | CherryHQ cherry-studio CherryIN Preload API MemoryService.ts sha256 authorization | EPSS 0.2%
CVE-2026-3074 | MEDIUM | Authorization Bypass Through User-Controlled Key in GitLab | EPSS 0.2%
CVE-2025-13382 | MEDIUM | Frontend File Manager Plugin <= 23.4 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary File Renaming | EPSS 0.2%
CVE-2026-44544 | MEDIUM | gittuf: Policy can be rolled back to prior valid version | EPSS 0.2%
CVE-2026-1753 | MEDIUM | Gutena Forms < 1.6.1 - Contributor+ Arbitrary Limited Options Update | EPSS 0.2%
CVE-2022-48313 | MEDIUM | The Bluetooth module has a vulnerability of bypassing the user confirmation in the pairing process. Successful exploitation of this vulnerab | EPSS 0.2%
CVE-2024-13063 | MEDIUM | IDOR in Akinsoft's MyRezzta | EPSS 0.2%
CVE-2026-30920 | HIGH | OneUptime has broken access control in GitHub App installation flow that allows unauthorized project binding | EPSS 0.2%
CVE-2026-10096 | MEDIUM | Qi Blocks <= 1.4.9 - Insecure Direct Object Reference to Authenticated (Author+) Arbitrary Style Modification via 'page_id' Parameter | EPSS 0.2%
CVE-2026-45550 | CRITICAL | Roxy-WI: IDOR on PUT /smon/check — any user can rewrite any tenant's monitoring URL/IP/body | EPSS 0.2%
CVE-2026-42862 | HIGH | Flowise: Mass Assignment in Tool Update Endpoint Allows Cross-Workspace Resource Reassignment | EPSS 0.2%
CVE-2026-1080 | MEDIUM | Authorization Bypass Through User-Controlled Key in GitLab | EPSS 0.2%
CVE-2025-11748 | MEDIUM | Groups <= 3.7.0 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Group Join | EPSS 0.2%
CVE-2025-11532 | MEDIUM | Wisly <= 1.0.0 - Insecure Direct Object Reference to Unauthenticated Wishlist Manipulation | EPSS 0.2%
CVE-2025-61876 | MEDIUM | Insecure Direct Object Reference (IDOR) in /tenants/{id} API endpoint in Inforcer Platform version 2.0.153 allows an authenticated user with | EPSS 0.2%
CVE-2026-23522 | LOW | Lobe Chat has IDOR in Knowledge Base File Removal that Allows Cross User File Deletion | EPSS 0.2%
CVE-2026-32976 | HIGH | OpenClaw < 2026.3.11 - Account-Scoped configWrites Policy Bypass via Channel Commands | EPSS 0.2%
CVE-2026-1389 | MEDIUM | Document Embedder <= 2.0.4 - Insecure Direct Object Reference to Authenticated (Author+) Arbitrary Document Library Entry Deletion | EPSS 0.2%
CVE-2026-8337 | MEDIUM | Concrete CMS 9.5.0 and below is vulnerable to IDOR in surveys when sites are running concurrent public surveys and private surveys | EPSS 0.2%