Weaknesses of type CWE-639

1,580 results
CVE-2024-43322 | MEDIUM | WordPress Zephyr Project Manager plugin <= 3.3.100 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.4%
CVE-2026-2729 | MEDIUM | Forminator – Contact Form, Payment Form & Custom Form Builder <= 1.52.0 - Missing Authorization to Unauthenticated Stripe PaymentIntent Reuse / Underpayment Bypass via 'paymentid' Parameter | EPSS 0.4%
CVE-2023-41368 | LOW | Insecure Direct Object Reference (IDOR) vulnerability in S4 HANA (Manage checkbook apps) | EPSS 0.4%
CVE-2024-52294 | MEDIUM | khoj has an IDOR in subscription management that allows unauthorized subscription modifications | EPSS 0.4%
CVE-2025-51865 | HIGH | Ai2 playground web service (playground.allenai.org) LLM chat through 2025-06-03 is vulnerable to Insecure Direct Object Reference (IDOR), al | EPSS 0.4%
CVE-2025-9559 | MEDIUM | Pega Platform versions 8.7.5 to Infinity 24.2.2 are affected by a Insecure Direct Object Reference issue in a user interface component that can only be used to read data | EPSS 0.4%
CVE-2026-42889 | CRITICAL | Relay Server WebSocket authentication bypass when token is omitted | EPSS 0.4%
CVE-2026-1664 | MEDIUM | Insecure Direct Object Reference (IDOR) via Header-Based Email Routing | EPSS 0.4%
CVE-2025-22695 | MEDIUM | WordPress Nirweb support plugin <= 3.0.3 - Broken Access Control vulnerability | EPSS 0.4%
CVE-2025-10947 | MEDIUM | Sistemas Pleno Gestão de Locação CPF validarCpf authorization | EPSS 0.4%
CVE-2023-36520 | MEDIUM | WordPress Editorial Calendar Plugin <= 3.7.12 is vulnerable to Insecure Direct Object References (IDOR) | EPSS 0.4%
CVE-2025-69347 | HIGH | WordPress WPSubscription plugin <= 1.8.10 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.4%
CVE-2026-24136 | HIGH | Saleor has an Insecure Direct Object Reference (IDOR) in GraphQL API | EPSS 0.4%
CVE-2025-11924 | HIGH | Ninja Forms – The Contact Form Builder That Grows With You <= 3.13.2 - Insecure Direct Object Reference to Unauthenticated Sensitive Information Exposure via Unscoped Bearer Token | EPSS 0.4%
CVE-2024-12132 | MEDIUM | WP Job Portal – A Complete Recruitment System for Company or Job Board website <= 2.2.4 - Authenticated (Subscriber+) Insecure Direct Object Reference | EPSS 0.4%
CVE-2024-43266 | MEDIUM | WordPress WP Job Portal plugin <= 2.1.8 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.4%
CVE-2024-5619 | CRITICAL | IDOR in PruvaSoft Informatics' Apinizer Management Console | EPSS 0.4%
CVE-2026-56422 | CRITICAL | MISP Core: Mass Assignment and Object Re-ownership via Unvalidated Request Fields | EPSS 0.4%
CVE-2026-56424 | HIGH | Broken access control in MISP core allows cross-organization unauthorized modification or deletion of analyst data, event reports, collections, templates, and decaying models | EPSS 0.4%
CVE-2024-34520 | HIGH | An authorization bypass vulnerability exists in the Mavenir SCE Application Provisioning Portal, version PORTAL-LBS-R_1_0_24_0, which allows | EPSS 0.4%