CWE-639 vulnerabilities
1,590 results

CVE-2026-53903 | MEDIUM | Insecure Direct Object Reference in MCO | EPSS —
CVE-2026-59100 | LOW | LobeChat 2.2.9 - Broken Object Level Authorization via Chat-Group Agent Operations | EPSS —
CVE-2026-9188 | MEDIUM | Appointment Bookings for Zoom GoogleMeet and more – Wappointment <= 2.7.6 - Unauthenticated Insecure Direct Object Reference via Predictable 'edit_key' / 'appointmentkey' Parameter | EPSS —
CVE-2026-50283 | MEDIUM | Craft CMS: Unauthorized Deletion of Source Assets During File Replacement | EPSS —
CVE-2026-49858 | MEDIUM | API Platform Core: Cross-user attribute leak in JSON:API and HAL item normalizers due to missing isCacheKeySafe gate | EPSS —
CVE-2026-11896 | MEDIUM | My Calendar <= 3.7.14 - Insecure Direct Object Reference to Unauthenticated Sensitive Information Disclosure via 'vcal' Parameter | EPSS —
CVE-2026-12657 | MEDIUM | LatePoint <= 5.6.2 - Unauthenticated Insecure Direct Object Reference to Arbitrary Creation via 'service_id' Parameter | EPSS —
CVE-2026-57680 | MEDIUM | WordPress Kirki plugin <= 6.0.11 - Insecure Direct Object References (IDOR) vulnerability | EPSS —
CVE-2026-5138 | MEDIUM | Foreman: foreman: information disclosure via improper validation of nested request parameters | EPSS —
CVE-2026-58653 | MEDIUM | PraisonAI - Authorization Bypass via Unvalidated project_id in Issue Create/Update | EPSS —