Weaknesses of type CWE-639
1,581 results

CVE ID | Severity | EPSS | Title
CVE-2023-6504 | MEDIUM | 0.3% | Profile Builder <= 3.10.7 - Insecure Direct Object Reference to Sensitive Information Exposure via user_meta Shortcode
CVE-2026-41471 | HIGH | 0.3% | Easy PayPal Events & Tickets < 1.4 Information Disclosure via QR Code Endpoint
CVE-2026-7201 | HIGH | 0.3% | CWE-639: Authorization Bypass Through User-Controlled Key in web services in Progress Sitefinity
CVE-2025-5182 | MEDIUM | 0.3% | Summer Pearl Group Vacation Rental Management Platform Listing authorization
CVE-2025-22608 | MEDIUM | 0.3% | Coolify Vulnerable to Revocation of Arbitrary Team Invitations (DOS)
CVE-2025-68514 | MEDIUM | 0.3% | WordPress Paid Member Subscriptions plugin <= 2.16.8 - Insecure Direct Object References (IDOR) vulnerability
CVE-2025-15582 | MEDIUM | 0.3% | detronetdip E-commerce Product Management Update authorization
CVE-2025-7938 | MEDIUM | 0.3% | jerryshensjf JPACookieShop (蛋糕商城JPA版, "Cake Shop, JPA edition") GoodsController.java updateGoods authorization
CVE-2023-6223 | MEDIUM | 0.3% | LearnPress <= 4.2.5.7 - Insecure Direct Object Reference to Information Disclosure
CVE-2024-38446 | MEDIUM | 0.3% | NATO NCI ANET 3.4.1 mishandles report ownership. A user can create a report and, despite the restrictions imposed by the UI, change the auth
CVE-2024-13558 | HIGH | 0.3% | NP Quote Request for WooCommerce <= 1.9.179 - Insecure Direct Object Reference to Unauthenticated Sensitive Information Disclosure
CVE-2026-45402 | HIGH | 0.3% | Open WebUI: Cross-User File Access via Unchecked file_id in Folder Knowledge and Knowledge-Base Attach Endpoints
CVE-2024-4873 | MEDIUM | 0.3% | Replace Image <= 1.1.10 - Insecure Direct Object Reference
CVE-2026-41141 | MEDIUM | 0.3% | EspoCRM: IDOR in EmailTemplate Prepare Endpoint Leaks Entity Data via Email Address Lookup
CVE-2026-9851 | HIGH | 0.3% | Booking Package <= 1.7.16 - Authenticated (Editor+) Privilege Escalation via Account Takeover to updateUser AJAX Action
CVE-2026-45830 | HIGH | 0.3% | A lack of authorization validation in version 0.4.17 or later of the ChromaDB Python project allows any authenticated users to arbitrarily r
CVE-2025-5681 | MEDIUM | 0.3% | IDOR in Turtek Software's Eyotek
CVE-2026-1375 | HIGH | 0.3% | Tutor LMS <= 3.9.5 - Insecure Direct Object Reference to Authenticated (Instructor+) Arbitrary Course Modification and Deletion
CVE-2024-10366 | HIGH | 0.3% | IDOR in delete attachments in danny-avila/librechat
CVE-2025-10024 | HIGH | 0.3% | IDOR in EXERT Computer Technologies' Education Management System
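The entries above share one root cause, CWE-639: a handler looks a record up by a key the client supplies (a report ID, a file_id, a user ID) and never checks that the caller is allowed to touch that record. The following is an added illustration of that pattern and its fix, written for this page; it is not code from any of the products listed, and the Report type, the in-memory store and the handler names are hypothetical.

```python
"""CWE-639 / IDOR in miniature: a lookup keyed only on a client-controlled ID,
beside a lookup scoped to the authenticated caller.

Added example for this page; not code from any listed project. The Report
type, REPORTS store and handler names are assumptions made for illustration.
"""
from dataclasses import dataclass


class NotFound(Exception):
    """No record is visible to the caller under the supplied key."""


@dataclass
class Report:
    report_id: int
    owner: str
    body: str


# Constructed sample data: two users, one private report each.
REPORTS = {
    1: Report(1, "alice", "alice's private report"),
    2: Report(2, "bob", "bob's private report"),
}


def get_report_vulnerable(current_user: str, report_id: int) -> Report:
    """CWE-639 pattern: the key is trusted and current_user is never consulted.

    Any authenticated user who guesses or increments report_id reads another
    user's record; sequential integer keys make that trivial.
    """
    try:
        return REPORTS[report_id]
    except KeyError:
        raise NotFound(report_id)


def get_report_fixed(current_user: str, report_id: int) -> Report:
    """Object-level authorization: the lookup is scoped to the caller.

    "Missing" and "not yours" both map to NotFound so the response does not
    act as an oracle for which keys exist for other users.
    """
    report = REPORTS.get(report_id)
    if report is None or report.owner != current_user:
        raise NotFound(report_id)
    return report


def update_report_fixed(current_user: str, report_id: int, body: str) -> Report:
    """The write path reuses the same scoped lookup, so the check cannot be
    sidestepped by hitting a different verb or endpoint with the same key
    (the update/delete entries in the list above are exactly that gap)."""
    report = get_report_fixed(current_user, report_id)
    report.body = body
    return report


def can_read(handler, user: str, report_id: int) -> bool:
    """Demonstration helper: True if handler lets user read report_id."""
    try:
        handler(user, report_id)
        return True
    except NotFound:
        return False


if __name__ == "__main__":
    print("vulnerable, bob reads alice's report:", can_read(get_report_vulnerable, "bob", 1))
    print("fixed, bob reads alice's report:     ", can_read(get_report_fixed, "bob", 1))
    print("fixed, alice reads her own report:   ", can_read(get_report_fixed, "alice", 1))
```

Two practical notes. First, switching to unguessable keys (UUIDs, random tokens) raises the cost of enumeration but is not a fix on its own: a leaked or shared key still grants access unless the ownership check is present. Second, the check belongs in the data-access layer or a shared helper, as above, rather than in each route; every IDOR in the list that affects an update or delete action is a case where one verb had the check and another did not.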