Weaknesses of type CWE-639
1,581 results

CVE-2026-41950 | MEDIUM | Dify < 1.14.0 Authorization Bypass via File UUID | EPSS 0.3%
CVE-2024-47316 | MEDIUM | WordPress Salon Booking Wordpress Plugin plugin <= 10.9 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.3%
CVE-2025-58137 | HIGH | Apache Fineract: IDOR via self-service API | EPSS 0.3%
CVE-2026-41277 | HIGH | Flowise: Mass Assignment in DocumentStore Create Endpoint Leads to Cross-Workspace Object Takeover (IDOR) | EPSS 0.3%
CVE-2023-30960 | MEDIUM | Insecure Direct Object Reference (IDOR) in Foundry job-tracker | EPSS 0.3%
CVE-2025-1270 | CRITICAL | Insecure direct object reference (IDOR) vulnerability in H6Web | EPSS 0.3%
CVE-2025-31867 | MEDIUM | WordPress JS Job Manager Plugin <= 2.0.2 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.3%
CVE-2022-46179 | CRITICAL | LiuOS vulnerable to Authorization Bypass through User-Controlled Key | EPSS 0.3%
CVE-2026-45398 | HIGH | Open WebUI: IDOR - Retrieval API Bypasses Knowledge Base Access Controls | EPSS 0.3%
CVE-2024-51559 | HIGH | Improper Access Control Vulnerability in Wave 2.0 | EPSS 0.3%
CVE-2026-6810 | MEDIUM | Booking Calendar Contact Form <= 1.2.63 - Authenticated (Subscriber+) Insecure Direct Object Reference to Calendar Takeover | EPSS 0.3%
CVE-2025-0352 | HIGH | Rapid Response Monitoring My Security Account App Authorization Bypass Through User-Controlled Key | EPSS 0.3%
CVE-2026-42999 | MEDIUM | An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone RBAC policy enforcer in enforce_call unconditionally merges the ra | EPSS 0.3%
CVE-2023-30216 | MEDIUM | Insecure permissions in the updateUserInfo function of newbee-mall before commit 1f2c2dfy allows attackers to obtain user account informatio | EPSS 0.3%
CVE-2026-2554 | HIGH | WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible <= 6.7.25 - Authenticated (Vendor+) Insecure Direct Object Reference to Arbitrary User Deletion | EPSS 0.3%
CVE-2026-4654 | MEDIUM | Awesome Support <= 6.3.7 - Authenticated (Subscriber+) Insecure Direct Object Reference to Unauthorized Ticket Reply Access via 'ticket_id' Parameter | EPSS 0.3%
CVE-2023-3286 | HIGH | A BOLA vulnerability in POST /secretaries in EasyAppointments < 1.5.0 | EPSS 0.3%
CVE-2026-21409 | HIGH | Improper authorization vulnerability exists in RICOH Streamline NX 3.5.1 to 24R3. If a man-in-the-middle attack is conducted on the communic | EPSS 0.3%
CVE-2025-14974 | MEDIUM | IBM InfoSphere Information Server is vulnerable due to Insecure Direct Object Reference | EPSS 0.3%
CVE-2024-10689 | MEDIUM | XLTab – Accordions and Tabs for Elementor Page Builder <= 1.4 - Authenticated (Contributor+) Post Disclosure | EPSS 0.3%