Weaknesses of type CWE-639

1,582 results
CVE-2025-65887 | MEDIUM | A division-by-zero vulnerability in the flow.floor_divide() component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) | EPSS 0.3%
CVE-2023-38513 | MEDIUM | WordPress Photo Engine Plugin <= 6.2.5 is vulnerable to Insecure Direct Object References (IDOR) | EPSS 0.3%
CVE-2023-4099 | HIGH | Multiple vulnerabilities in IDM Sistemas QSige | EPSS 0.3%
CVE-2025-13842 | MEDIUM | Breadcrumb NavXT <= 7.5.0 - Missing Authorization to Sensitive Information Exposure | EPSS 0.3%
CVE-2026-56230 | HIGH | Capgo - Broken Object Level Authorization via x-limited-key-id Header | EPSS 0.3%
CVE-2025-66954 | MEDIUM | A vulnerability exists in the Buffalo Link Station version 1.85-0.01 that allows unauthenticated or guest-level users to enumerate valid use | EPSS 0.3%
CVE-2025-7013 | MEDIUM | IDOR in QRMenumPro's Menu Panel | EPSS 0.3%
CVE-2024-11275 | MEDIUM | WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin <= 1.0.27 - Missing Authorization to Authenticated (Subscriber+) Arbitrary User Deletion | EPSS 0.3%
CVE-2026-3306 | MEDIUM | Improper authorization in GitHub Projects allows modification of issue and pull request metadata without repository write access | EPSS 0.3%
CVE-2025-61779 | HIGH | Trustee's attestation-policy endpoint is not protected by admin authentication | EPSS 0.3%
CVE-2026-29189 | HIGH | SuiteCRM has a REST API V8 IDOR: Missing ACL Checks on User Preferences and Relationship Endpoints | EPSS 0.3%
CVE-2026-44207 | MEDIUM | Frappe: Insecure Direct Object Reference for email accounts | EPSS 0.3%
CVE-2024-43916 | MEDIUM | WordPress Zephyr Project Manager plugin <= 3.3.102 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.3%
CVE-2024-13841 | MEDIUM | Builder Shortcode Extras – WordPress Shortcodes Collection to Save You Time <= 1.0.0 - Authenticated (Contributor+) Post Disclosure | EPSS 0.3%
CVE-2025-10759 | MEDIUM | Webkul QloApps CSRF Token authorization | EPSS 0.3%
CVE-2026-29204 | CRITICAL | Insufficient ownership check in `clientarea.php` allows an authenticated client area user to submit requests using another user’s `addonId` | EPSS 0.3%
CVE-2026-40127 | MEDIUM | Authorization Bypass Through User-Controlled Key in OutSystems Lifetime | EPSS 0.3%
CVE-2026-23754 | HIGH | D-Link D-View 8 IDOR Allows Credential Disclosure and Account Takeover | EPSS 0.3%
CVE-2026-2028 | MEDIUM | Maxi Blocks <= 2.1.8 - Missing Authorization to Authenticated (Author+) Media File Deletion via 'old_media_src' Parameter | EPSS 0.3%
CVE-2024-31296 | MEDIUM | WordPress BookingPress plugin <= 1.0.81 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.3%