Weaknesses of type CWE-639
1,581 results

CVE-2025-10024 | HIGH | IDOR in EXERT Computer Technologies' Education Management System | EPSS 0.3%
CVE-2025-12623 | LOW | fushengqian fuint Authentication Token ClientSignController.java authorization | EPSS 0.3%
CVE-2025-15001 | CRITICAL | FS Registration Password <= 1.0.1 - Unauthenticated Privilege Escalation via Account Takeover | EPSS 0.3%
CVE-2023-27576 | — | An issue was discovered in phpList before 3.6.14. Due to an access error, it was possible to manipulate and edit data of the system's super | EPSS 0.3%
CVE-2024-5438 | MEDIUM | Tutor LMS – eLearning and online course solution <= 2.7.1 - Authenticated (Instructor+) Insecure Direct Object Reference to Arbitrary Quiz Attempt Deletion | EPSS 0.3%
CVE-2026-33297 | MEDIUM | AVideo has an IDOR - Any Admin Can Set Another User's Channel Password via setPassword.json.php | EPSS 0.3%
CVE-2024-13425 | MEDIUM | WP Job Portal <= 2.2.6 - Insecure Direct Object Reference to Authenticated (Employer+) Arbitrary Company Deletion | EPSS 0.3%
CVE-2024-13429 | MEDIUM | WP Job Portal <= 2.2.6 - Insecure Direct Object Reference to Authenticated (Employer+) Arbitrary Job Deletion | EPSS 0.3%
CVE-2026-40252 | MEDIUM | Broken Access Control (IDOR) Leading to Cross-Tenant Application Access in FastGPT | EPSS 0.3%
CVE-2025-52447 | HIGH | Authorization Bypass Through User-Controlled Key vulnerability in Salesforce Tableau Server on Windows, Linux (set-initial-sql tabdoc comman | EPSS 0.3%
CVE-2025-5949 | HIGH | Service Finder Bookings <= 6.0 - Authenticated (Subscriber+) Privilege Escalation via change_candidate_password | EPSS 0.3%
CVE-2026-4868 | HIGH | Authorization Bypass Through User-Controlled Key in GitLab | EPSS 0.3%
CVE-2026-38807 | HIGH | Insecure Permissions vulnerability in kvf-admin v1.0.0 allows a remote attacker to escalate privileges via the UserController.java component | EPSS 0.3%
CVE-2025-32373 | MEDIUM | DNN allows a registered user to enumerate and access files they should not have access to | EPSS 0.3%
CVE-2025-65672 | HIGH | Insecure Direct Object Reference (IDOR) in classroomio 0.1.13 allows unauthorized share and invite access to course settings. | EPSS 0.3%
CVE-2025-1667 | HIGH | School Management System – WPSchoolPress <= 2.2.16 - Missing Authorization to Privilege Escalation via Account Takeover | EPSS 0.3%
CVE-2026-33052 | MEDIUM | MantisBT: Authorization Bypass in Global Profile Creation | EPSS 0.3%
CVE-2026-4503 | HIGH | Unauthenticated Insecure Direct Object Reference (IDOR) Vulnerability in Langflow Desktop Image Download Endpoint | EPSS 0.3%
CVE-2024-55471 | MEDIUM | Oqtane Framework is vulnerable to Insecure Direct Object Reference (IDOR) in Oqtane.Controllers.UserController. This allows unauthorized use | EPSS 0.3%
CVE-2025-53208 | HIGH | WordPress Maya Business <= 1.2.0 - Insecure Direct Object References (IDOR) Vulnerability | EPSS 0.3%